Updating macOS can bring back the nasty “root” security bug

 In apple, Biz & IT, MacOS, macOS high sierra, root, Tech

Updating macOS can bring back the nasty “root” security bug

Serving the Technologist for more than a decade. IT news, reviews, and analysis.

Enlarge (credit: Andrew Cunningham)

The serious and surprising root security bug in macOS High Sierra is back for some users, shortly after Apple declared it fixed. Users who had not installed macOS 10.13.1 (and thus were running a prior version of the OS when they received the security update) found that installing 10.13.1 resurfaced the bug, according to a report from Wired.

For these users, the security update can be installed again (in fact, it would be automatically installed at some point) after updating to the new version of the operating system. However, the bug is not fixed in that case until the user reboots the computer. Many users do not reboot their computers for days or even weeks at a time, and Apple’s support documentation did not, at first, inform users that they needed to reboot. So some people may have been left vulnerable without realizing it. The documentation has been updated with the reboot step now.

The root bug allows anyone to log in or authenticate as a system administrator on systems running macOS High Sierra. In many circumstances, all they need to do is simply type in the username “root” and leave the password field blank, . The bug was so serious that it drew an uncharacteristically strong apology from Apple, which said its “customers deserve better.”

Read 1 remaining paragraphs | Comments

The security fix was rolled back when users updated to macOS 10.13.1.

Recent Posts
Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Not readable? Change text. captcha txt