Apple Fixes MacOS High Sierra Root Access Security Flaw

Apple has just released a security update to fix the root security bug in macOS High Sierra. The details of the patch have been updated on Apple’s support website.

As per Apple, “Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.

When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8:00 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra. 

We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.”

The Story

This root security flaw allows anyone to access a Mac as an admin, and it has not been received well by users, because an admin has full access to everything, including read/write permissions on all the files on the Mac, system files included.

Apple has been quick to fix this problem. A new security update for Mac is now available to download and install. This patch will be downloaded automatically on Mac systems running the latest version (10.13.1) of the operating system.

Here’s how you can fix the root vulnerability on MacOS High Sierra:

If you’re running MacOS High Sierra, you can follow the steps below:

Click on Apple at the far left of the menu bar.

  1. Click on System Preferences.
  2. Click on Users and Groups.
  3. Click on the Lock (🔒) icon.
  4. Enter your Password.
  5. Click on Login Options.
  6. Click on Join or Edit.
  7. Click on Open Directory Utility.
  8. Click on the Lock (🔒) icon.
  9. Enter your Password.
  10. Click on Edit in the menu bar.
  11. Click on Enable Root User.
  12. Enter and confirm your Root User Password. (Make it a strong and unique one!)

Do not disable the Root User. That just removes the password and allows the exploit to work again.

Disclosure

The flaw was disclosed by software developer Lemi Orhan Ergin. Later, Mr Ergin published a post on Medium defending his decision.

“I am neither a hacker, nor a security specialist,” he wrote.

“I solely focus on secure coding practices while programming, but I can never call myself a security specialist.”

He said his colleagues at payments firm Iyzico informed Apple about the flaw on 23 November. It had previously been discussed on open Apple support forums on 13 November, though the user described the issue more like a feature than a serious bug.
