macOS High Sierra 10.13.1 Update Can Break the Root Password Security Patch, Here’s How to Fix it


Apple’s macOS High Sierra root password bug is pretty serious, and if you update from version 10.13 to 10.13.1 after installing the patch, you may undo the security fix. Here’s how to make sure you’re really protected from the bug.

The macOS High Sierra root password bug is a pretty serious security breach because it lets anyone log into your Mac as the root user without a password. When you’re logged in as root you have access to everything on the computer, can add and remove software without restrictions, and can delete user accounts.

Apple fixed the security flaw with the Security Update 2017-001 patch, but apparently hasn’t replaced its macOS High Sierra 10.13.1 updater to include it. The end result is if you install the patch while running macOS 10.13, and then update to 10.13.1, you can reintroduce the security flaw.

Here’s how to verify if the security patch is installed on your Mac after updating to macOS High Sierra 10.13.1:

  • Go to the Utilities folder in Applications and launch Terminal
  • Enter this command, then press Return: what /usr/libexec/opendirectoryd
  • If the security patch is installed Terminal will respond with opendirectoryd-483.20.7

[Image: Terminal showing Security Update 2017-001 installed on macOS High Sierra 10.13.1]

Good news! Security Update 2017-001 is installed on my Mac.

If you see a lower number the security update isn’t in place. To reinstall Security Update 2017-001 in macOS High Sierra 10.13.1 go to Apple menu > Software Update and look to see if the updater is listed. If so, install it right away.

If you don’t see the security patch in Software Update, go to Apple’s webpage for the security update and download it from there. You’ll need to double-click the installer after downloading so it can patch macOS High Sierra for you.
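
The version check above can be scripted so it compares the build numerically instead of by eye. This is an added example, not part of the original article or anything from Apple; the function names and the lower sample build are constructed, and 483.20.7 is the patched build the article gives for 10.13.1.

```shell
#!/bin/sh
# Added example: compare the opendirectoryd build reported by `what`
# with the patched build named in the article (483.20.7 on macOS 10.13.1).

PATCHED_BUILD="483.20.7"                      # value from the article
SAMPLE_PATCHED="opendirectoryd-483.20.7"      # response quoted in the article
SAMPLE_OLD="opendirectoryd-483.9.9"           # constructed lower build

# Pull the dotted build number out of `what` output.
od_build() {
    printf '%s\n' "$1" |
        sed -n 's/.*opendirectoryd-\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 if dotted version $1 is lower than $2. Fields are compared as
# numbers, so 483.9.9 sorts below 483.20.7 (a string compare gets this wrong).
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1    # equal versions are not "lower"
}

# Print "patched <build>", "unpatched <build>", or "unknown".
patch_status() {
    build=$(od_build "$1")
    if [ -z "$build" ]; then
        echo "unknown"
    elif version_lt "$build" "$PATCHED_BUILD"; then
        echo "unpatched $build"
    else
        echo "patched $build"
    fi
}

# On a Mac, run the real check; on other systems this step is skipped.
if command -v what >/dev/null 2>&1 && [ -e /usr/libexec/opendirectoryd ]; then
    patch_status "$(what /usr/libexec/opendirectoryd)"
fi
```

An "unknown" result means the output contained no opendirectoryd build string and should be checked by hand rather than assumed safe.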

geoduck

I normally don’t wish ill on anyone…but, The people in charge of OSs and Software need to have some very tense meetings. Someone from on high needs to land on the whole department with both feet. This kind of a FU is simply not acceptable. Certainly not for a company that prides itself on protecting customer data the way Apple does. If one of the programmers where I work blew it this bad they’d get their walking papers, and I work for a small company. It’s even worse for the OS of a major hardware company like Apple. If it…

Macfox

Totally agree!

furbies

+1

wab95

Apple fixed the security flaw with the Security Update 2017-001 patch, but apparently hasn’t replaced its macOS High Sierra 10.13.1 updater to include it. The end result is if you install the patch while running macOS 10.13, and then update to 10.13.1, you can reintroduce the security flaw.

Jeff:

As I’m sure you’re aware, this is a pretty serious assertion. Is this merely cautionary speculation, or do we know that Apple have definitely not incorporated the security patch into the OS update?

If it’s the latter, then this would qualify as SUSFU.