Apple releases update to fix login security flaw in Mac operating system
30 Nov 2017
On 29 November, Apple released Security Update 2017-001 to fix a serious vulnerability that allowed access to the root superuser account with a blank password on any Mac running macOS High Sierra version 10.13.1.
The bug was discovered in Apple's macOS High Sierra on 28 November. Put simply, it allowed anyone with access to a Mac to log in as the "root" user without providing any password.
This is highly unsafe, since the "root" user has read and write permissions to all the files on the Mac, including system files.
According to MacRumors, the critical bug, which came to notice after it was tweeted by developer Lemi Ergin, allowed anyone to gain administrator privileges by simply entering the username "root" and a blank password in System Preferences > Users & Groups.
Apple has already issued a fix for this security problem in a new security update that can be downloaded and installed. This security patch would also be automatically pushed to all the devices running macOS High Sierra today.
Apple has since apologised for the vulnerability in a statement issued to MacRumors: "Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS."
Considering the gravity of the situation, Apple advises that macOS users download the update as soon as possible. Apple said that its engineers learnt of the bug on Tuesday afternoon and were able to work on a patch within 24 hours.
Apple's statement, as quoted by Reuters, reads: "We greatly regret this error and we apologize to all Mac users. Our customers deserve better. We are auditing our development processes to help prevent this from happening again. Security is a top priority for every Apple product, and regrettably we stumbled with this release of Mac OS."