It's supposed to be disabled by default on macOS. Here's what's important: The "root" account allows super-user access to your system.
#Mac sierra update bug Patch
Are you aware of it Lemi Orhan Ergin November 28, 2017Įrgin should absolutely have disclosed this to Apple and given the company a chance to patch it before it went public, and Apple should never have allowed the bug to ship, but none of that matters right now. Anyone can login as "root" with empty password after clicking on login button several times. The original patch caused issues with files sharing so Apple has pushed out a new version, 17B1002, to correct the problem.ĭear we noticed a *HUGE* security issue at MacOS High Sierra.
#Mac sierra update bug how to
Learn how to find the macOS version and build number on your Mac.
#Mac sierra update bug install
When you install Security Update 2017-001 on your Mac, the build number of macOS will be 17B1002. This was addressed with improved credential validation. Impact: An attacker may be able to bypass administrator authentication without supplying the administrator's passwordĭescription: A logic error existed in the validation of credentials. Not impacted: macOS Sierra 10.12.6 and earlier Here are the details on the patch, from : If you don't, Apple will do it for you starting later today. You can find the security update in Software Updates and if you're running macOS High Sierra, you should download and install it now, then make sure everyone you know does the same. We are auditing our development processes to help prevent this from happening again."
We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. This morning, as of 8:00 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra. When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. "Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS," an Apple spokesperson told iMore. While this bug should never have shipped, Apple's response to the problem and turn around time on the fix have been impressive and reassuring. Apple has just released a security update for macOS High Sierra that patches the "root" vulnerability dropped yesterday.
0 kommentar(er)
