Apple Releases Security Patch for macOS High Sierra Root Access Flaw

macOS High Sierra root user security flaw gets patches
Apple patches macOS High Sierra root user security flaw

Apple didn’t waste any time getting a patch out for the macOS High Sierra security flaw that gives people root access to your Mac without requiring a password. The flaw too the internet by storm on Tuesday, and by Wednesday morning the patch was ready to download.

macOS High Sierra root user security flaw gets patches
Apple patches macOS High Sierra root user security flaw

The security flaw lets anyone enter “root” as the user name to login or in the Users & Groups authentication dialog without a password. Clicking Unlock multiple times authenticates as root, giving you root-level privileges. That’s a huge security flaw because root is the supreme user on your Mac and can do anything from look at invisible files to delete user accounts.

Don’t miss the best of The Mac Observer

Set us as a preferred source and our Apple reporting ranks higher in your Google Search results and Discover feed — one tap, no account changes.

Or get it by email

Apple’s security notes say the problem involved a “logic error existed in the validation of credentials. This was addressed with improved credential validation.”

Security Update 2017-001 fixes the issue. It’s a free download for all macOS High Sierra users; just go to Apple menu > App Store, and click the Updates tab to find it.

Discussion

3 comments
Newest first
Join the discussionCommenting as a guest — your email is never published · Log in

Protected by Akismet — be kind, stay on topic.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  1. Ned Subscriber 9 years ago

    The Macintosh? Oh, it’s a hobby. Next question.

    Reply
  2. geoduck Subscriber 9 years ago

    I knew Apple would be fast. That they’d be all over this. That’s why I didn’t try to fix it myself.

    Reply
  3. paikinho Subscriber 9 years ago

    What a major screw up.
    But a majorly quick security update as well.

    All back to normal.

    Reply