Apple’s macOS High Sierra root password bug is pretty serious, and if you update to version 10.13.1 from 10.13 after installing the patch, you may undo the security fix. Here’s how to make sure you’re really protected from the bug.
The macOS High Sierra root password bug is a pretty serious security flaw because it lets anyone log into your Mac as the root user without a password. When you’re logged in as root you have access to everything on the computer, can add and remove software without restrictions, and can delete user accounts.
Apple fixed the security flaw with the Security Update 2017-001 patch, but apparently hasn’t replaced its macOS High Sierra 10.13.1 updater to include it. The end result is that if you install the patch while running macOS 10.13, and then update to 10.13.1, you can reintroduce the security flaw.
Here’s how to verify if the security patch is installed on your Mac after updating to macOS High Sierra 10.13.1:
- Go to the Utilities folder in Applications and launch Terminal
- Enter this command, then press Return: what /usr/libexec/opendirectoryd
- If the security patch is installed Terminal will respond with opendirectoryd-483.20.7
If you see a lower number the security update isn’t in place. To reinstall Security Update 2017-001 in macOS High Sierra 10.13.1 go to Apple menu > Software Update and look to see if the updater is listed. If so, install it right away.
If you don’t see the security patch in Software Update, go to Apple’s webpage for the security update and download it from there. You’ll need to double-click the installer after downloading so it can patch macOS High Sierra for you.
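The version check above as a script, added here as an example (it is not Apple's or the article's code): it pulls the opendirectoryd version out of the `what` output and compares it numerically, field by field, with 483.20.7, the patched build the article gives for 10.13.1. The function names and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the opendirectoryd build reported by `what`
# with the patched build the article lists for macOS 10.13.1.
PATCHED="483.20.7"   # from the article

# Constructed sample outputs (not captured from a real machine).
SAMPLE_PATCHED='/usr/libexec/opendirectoryd
	PROGRAM:opendirectoryd  PROJECT:opendirectoryd-483.20.7'
# 483.9.9 is a made-up lower build: a plain string compare would rank
# "9" above "20", which is why the fields are compared as numbers.
SAMPLE_OLD='/usr/libexec/opendirectoryd
	PROGRAM:opendirectoryd  PROJECT:opendirectoryd-483.9.9'

# Extract the dotted version that follows "opendirectoryd-" in text $1.
od_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*opendirectoryd-\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 if dotted version $1 >= $2; missing fields count as 0.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        [ "${fa:-0}" -gt "${fb:-0}" ] && return 0
        [ "${fa:-0}" -lt "${fb:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# Verdict for `what` output $1: 0 patched, 1 lower build, 2 not parseable.
check_patch() {
    v=$(od_version "$1")
    if [ -z "$v" ]; then
        echo "no opendirectoryd version found in the output"; return 2
    fi
    if version_ge "$v" "$PATCHED"; then
        echo "opendirectoryd-$v: security update is in place"; return 0
    fi
    echo "opendirectoryd-$v is lower than $PATCHED: reinstall Security Update 2017-001"
    return 1
}

# On a Mac, check the live binary; on other systems this step is skipped.
if [ -x /usr/libexec/opendirectoryd ] && command -v what >/dev/null 2>&1; then
    check_patch "$(what /usr/libexec/opendirectoryd)"
fi
```

The script's exit status follows the verdict, so it can be run across several Macs from a management tool to find machines that lost the fix after updating to 10.13.1.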