Apple releases security update for macOS to fix root login vulnerability

Yesterday, a serious security vulnerability was discovered in macOS 10.13 High Sierra that allows a user to gain admin access to the PC without the owner's password. All that's required is to use 'root' as the user name, and give it a couple of tries.

Apple jumped right on top of it, and Security Update 2017-001 is already available. Unfortunately though, it's only available for macOS 10.13.1, meaning that if you're running the 10.13.2 beta, you'll likely have to wait until the next build is released. Here's the changelog:

Available for: macOS High Sierra 10.13.1

Not impacted: macOS Sierra 10.12.6 and earlier

Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password

Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation.

CVE-2017-13872

After installing the update, the macOS build number should be 17B1002, changed from 17B48. The update does not require a reboot.

Obviously, it's recommended that you install this update right away. To check for updates on your Mac, head over to the Mac App Store and click on the Updates tab.
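
To confirm the fix landed on more than one machine, the version and build facts above can be turned into a check. The script below is an added example, not Apple's tooling or part of the original article; the status names, function names, hostnames and the placeholder builds in the sample inventory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify a Mac against Security Update 2017-001 using only
# the version/build facts stated in the article.

# classify_host VERSION BUILD
#   VERSION as printed by `sw_vers -productVersion`, BUILD by `sw_vers -buildVersion`.
classify_host() {
    version=$1; build=$2
    case "$version" in
        10.13.1)
            case "$build" in
                17B1002) echo "patched" ;;        # build after the update
                17B48)   echo "vulnerable" ;;     # build before the update
                *)       echo "unknown-build" ;;  # not a build the article names
            esac ;;
        # Other High Sierra versions (e.g. the 10.13.2 beta): this update does not apply.
        10.13|10.13.*) echo "update-not-available" ;;
        # macOS Sierra 10.12.6 and earlier are listed as not impacted.
        10.?|10.?.*|10.1[0-2]|10.1[0-2].*) echo "not-impacted" ;;
        *) echo "unknown-version" ;;
    esac
}

# Reads "host version build" lines on stdin and prints only the hosts that
# are not confirmed patched or not impacted.
report_inventory() {
    while read -r host version build; do
        [ -n "$host" ] || continue
        status=$(classify_host "$version" "$build")
        case "$status" in
            patched|not-impacted) ;;
            *) echo "$host $status" ;;
        esac
    done
}

# Constructed sample inventory: hostnames and the PLACEHOLDER builds are made up.
SAMPLE_INVENTORY='mac-01 10.13.1 17B48
mac-02 10.13.1 17B1002
mac-03 10.12.6 PLACEHOLDER-SIERRA
mac-04 10.13.2 PLACEHOLDER-BETA'

# On a Mac, classify the local machine; elsewhere only the sample is reported.
if command -v sw_vers >/dev/null 2>&1; then
    echo "this host: $(classify_host "$(sw_vers -productVersion)" "$(sw_vers -buildVersion)")"
fi
printf '%s\n' "$SAMPLE_INVENTORY" | report_inventory
```
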
