Updating to macOS 10.13.1 Undoes Apple's 'Root' Bug Patch


The issue had been described online previously, including in the Apple Developer Forum earlier this month, but received more attention after Lemi Ergin, a Turkish software developer, tweeted about it Tuesday, asking Apple if it was aware of the "huge security issue".

Apple found itself rather red-faced last week when it was discovered that the root account of macOS High Sierra was accessible without a password.

A software developer unaffiliated with Apple publicized the problem Tuesday, saying people could log in to Apple computers running MacOS High Sierra by entering the user name "root" and no password, then clicking the login button several times. It seems that Apple was predicting a particular order in which users would do things, and this assumption means the original problem can be reintroduced.

Recently, Mac computers were reported to be facing, what is referred to as the "root" issue bug. This led multimedia developer Greg Edwards to tweet, "Are you running Mac OS High Sierra, and if so, when will you be away from your desk for 10-15 minutes today?"

The solution is a simple one - but one that has not been made sufficient clear by Apple.

Apple has yet to comment on this newfound issue. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012.

Partly cloudy skies, temps above normal this weekend
We can expect mostly sunny skies with the highs in the low 40s and lows in the low 20s. Wednesday through Saturday look cold as highs only top out in the mid to upper 40s.

The company began working on an update to close the security loophole after hearing of the issue on November 29, to which Apple said that it has now patched that security flaw, along with a guide on how to fix it.

A few days ago, a serious security flaw with macOS High Sierra came to light. A user responding to a question about creating an admin account in the operating system noted on November 13 that one solution was to log in at startup with the username "root" and an empty password. "This is really REALLY bad".

It's good practise to reboot after applying updates to any operating system, but it's certainly not a widespread habit.

In the case of a fix for this latest vulnerability, "I would imagine [Apple] will be pushing it out as a high priority", Cluley said.

Apple seems to be doing badly in ensuring Macs are secure.