Apple Releases Security Patch for macOS High Sierra Root Access Flaw

1 minute read
| News

Apple didn’t waste any time getting a patch out for the macOS High Sierra security flaw that gives people root access to your Mac without requiring a password. The flaw too the internet by storm on Tuesday, and by Wednesday morning the patch was ready to download.

macOS High Sierra root user security flaw gets patches

Apple patches macOS High Sierra root user security flaw

The security flaw lets anyone enter “root” as the user name to login or in the Users & Groups authentication dialog without a password. Clicking Unlock multiple times authenticates as root, giving you root-level privileges. That’s a huge security flaw because root is the supreme user on your Mac and can do anything from look at invisible files to delete user accounts.

Apple’s security notes say the problem involved a “logic error existed in the validation of credentials. This was addressed with improved credential validation.”

Security Update 2017-001 fixes the issue. It’s a free download for all macOS High Sierra users; just go to Apple menu > App Store, and click the Updates tab to find it.

3 Comments Add a comment

Add a Comment

Log in to comment (TMO, Twitter, Facebook) or Register for a TMO Account