Apple Releases Security Patch for macOS High Sierra Root Access Flaw

macOS High Sierra root user security flaw gets patches

Apple didn’t waste any time getting a patch out for the macOS High Sierra security flaw that gives people root access to your Mac without requiring a password. The flaw too the internet by storm on Tuesday, and by Wednesday morning the patch was ready to download.

macOS High Sierra root user security flaw gets patches
Apple patches macOS High Sierra root user security flaw

The security flaw lets anyone enter “root” as the user name to login or in the Users & Groups authentication dialog without a password. Clicking Unlock multiple times authenticates as root, giving you root-level privileges. That’s a huge security flaw because root is the supreme user on your Mac and can do anything from look at invisible files to delete user accounts.

Apple’s security notes say the problem involved a “logic error existed in the validation of credentials. This was addressed with improved credential validation.”

Security Update 2017-001 fixes the issue. It’s a free download for all macOS High Sierra users; just go to Apple menu > App Store, and click the Updates tab to find it.

3 thoughts on “Apple Releases Security Patch for macOS High Sierra Root Access Flaw

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.