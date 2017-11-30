Apple has released an update to fix security exploit in macOS High Sierra Apple has released an update to fix security exploit in macOS High Sierra

Apple has pushed out an update to address the security flaw in the macOS High Sierra. The update fixes a massive security vulnerability which became public yesterday and allows anyone to access to a mac without a password. The fix, which is known as Security Update 2017-00, can be downloaded from the App store and checking for new updates. Apple is urging all affected mac users to install the update as soon as possible.

“Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS”, Apple said in a statement provided to 9t05Mac. “We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.”

The vulnerability was first disclosed on Twitter by Turkish app developer Lemi Orhan Ergin. The developer publicly highlighted the flaw in for user using the latest macOS 10.13 version of the High Sierra operating system. The flaw grants anyone using a Mac machine admin access by clicking ‘other’ on the login screen and using ‘root’ as the username, no password needed. The bug evidently seems to be present in macOS High Sierra 10.13.1 – the latest version as well as in the macOS 10.13.2 beta, but does not affect older versions of macOS, like El Capitan.

Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as “root” with empty password after clicking on login button several times. Are you aware of it @Apple? — Lemi Orhan Ergin (@lemiorhan) November 28, 2017

“The root user account is not intended for routine use. Its privileges allow changes to files that are required by your Mac. To undo such changes, you might need to reinstall your system software. You should disable the root user after completing your task,”Apple security-page update reads.

