The security flaw allows anybody to access any MacBook or iMac running on macOS High Sierra by simply feeding the username as ‘Root’ and leaving the password field blank. Apple had promised to fix the issue at the earliest.
Users can simply open the Mac App Store and tap on ‘Updates’ tab. When prompted, download and the install it. The release note says “install this update as soon as possible,” rightfully suggesting it to be an important update. On the support page it says “A logic error existed in the validation of credentials. This was addressed with improved credential validation.”
The company even provided a statement to several media houses saying, “Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS. When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8:00 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.
We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.”
If you still haven’t received the update patch, there is a temporary workaround for you.
Here’s what can be done:
– Open System Preferences
– Choose Login Options
– Click on Join option, besides the Network Account Server
– In the small dialog box, click Open Directory Utility
– In the Finder bar, click Edit
– Choose the ‘Change Root Password’ from the drop down menu
– Pick a strong password.