December 2, 2017

Apple Releases Update for Security Flaw in macOS High Sierra Operating System

Apple has released a software update for the security bug in the macOS 10.13.1 High Sierra operating system.

The vulnerability, which lets anyone gain the highest level of access to your Mac just by typing “root” in the username field without a password, was publicly disclosed on Twitter on Tuesday by a developer named Lemi Orhan Ergin.


Apple immediately released a security update on Wednesday for this major yet silly vulnerability, identified as CVE-2017-13872, through Security Update 2017-001 for macOS 10.13.1. The update is now available for download in the Mac App Store. Apple also said that it will automatically start installing the patch on all Macs running macOS High Sierra 10.13.1, unless your Mac is running the 10.13.2 beta. Those users have to wait until the next build is released.

Here’s the changelog:

Available for: macOS High Sierra 10.13.1

Not impacted: macOS Sierra 10.12.6 and earlier

Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password

Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation.

CVE-2017-13872

After the update is installed, the macOS build number changes from 17B48 to 17B1002. The update does not require a reboot.


Apologizing for this major security flaw, Apple said in a statement, “Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.

“When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.

“We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.”

About the author 

Meghna

