{"id":10658,"date":"2017-11-29T10:30:17","date_gmt":"2017-11-29T18:30:17","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/11\/29\/news-4430\/"},"modified":"2017-11-29T10:30:17","modified_gmt":"2017-11-29T18:30:17","slug":"news-4430","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/11\/29\/news-4430\/","title":{"rendered":"Apple apologizes, issues Mac login security patch"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2017\/06\/wwdc2017-hevc-macoshighsiera-100725612-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Jonny Evans| Date: Wed, 29 Nov 2017 09:33:00 -0800<\/strong><\/p>\n<p>With great apology, Apple has rushed to respond to the <a href=\"https:\/\/www.computerworld.com\/article\/3239047\/apple-mac\/what-to-do-about-apple-s-shameful-mac-security-flaw.html\">appalling macOS High Sierra security flaw<\/a>, issuing a software update that has been made immediately available for download and will be automatically installed in existing Macs.<\/p>\n<p>Apple has shared the following statement:<\/p>\n<p class=\"linenums\">&#8220;Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.<\/p>\n<p class=\"linenums\"> \u201cWhen our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8:00 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.\u00a0<\/p>\n<p class=\"linenums\"> \u201cWe greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. 
We are\u00a0auditing our development processes to help prevent this from happening again.\u201d<\/p>\n<p>The flaw meant that anyone with physical access to a Mac could gain root access to the system just by typing the word root and leaving the password field blank, as explained here.<\/p>\n<p>Apple\u2019s <a href=\"https:\/\/support.apple.com\/en-us\/HT208315\" rel=\"nofollow\">security update page describes it thus<\/a>:<\/p>\n<p>\u201cImpact: An attacker may be able to bypass administrator authentication without supplying the administrator\u2019s password<\/p>\n<p>Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation.\u201d<\/p>\n<p>Note that once this update is installed on your Mac, you will need to re-enable the root user. That\u2019s probably not going to bother most Mac users, but may be significant to system administrators in some deployments.<\/p>\n<p>\u201cIf you require the root user account on your Mac, you will need to\u00a0<a href=\"https:\/\/support.apple.com\/en-us\/HT204012\" rel=\"nofollow\">re-enable the root user and change the root user&#8217;s password<\/a>\u00a0after this update,\u201d Apple warns.<\/p>\n<p>Apple deserves some praise for reacting to the flaw so swiftly.<\/p>\n<p>While the problem should never have existed, the company has certainly acted fast, apologized and shown just how seriously it takes this problem.<\/p>\n<p>You can tell the company takes this very seriously as it has chosen to use its capacity to automatically update Macs.<\/p>\n<p>This is only the second time the company has chosen to do this; the first was way back in 2014, when it chose to use an automatic security update mechanism to deploy a fix for a critical vulnerability in NTP, or Network Time Protocol.<\/p>\n<p>Apple at that time said the issue was sufficiently severe that it wanted to act fast to protect its customers.<\/p>\n<p>While I still think that the 
existence of the latest, quickly-patched flaw was not up to Apple\u2019s standard, the speed with which the company has issued this patch shows just how much more focused the company can be on security than some competitors.<\/p>\n<p>I advise all Mac users to update the OS immediately.<\/p>\n<p><a href=\"https:\/\/www.computerworld.com\/article\/3239027\/apple-mac\/apple-apologizes-issues-mac-login-security-patch.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2017\/06\/wwdc2017-hevc-macoshighsiera-100725612-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Jonny Evans| Date: Wed, 29 Nov 2017 09:33:00 -0800<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>With great apology, Apple has rushed to respond to the <a href=\"https:\/\/www.computerworld.com\/article\/3239047\/apple-mac\/what-to-do-about-apple-s-shameful-mac-security-flaw.html\">appalling macOS High Sierra security flaw<\/a>, issuing a software update that has been made immediately available for download and will be automatically installed in existing Macs.<\/p>\n<h2><strong>\u2018We greatly regret\u2019<\/strong><\/h2>\n<p>Apple has shared the following 
statement:<\/p>\n<blockquote>\n<p class=\"linenums\">&#8220;Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.<\/p>\n<p class=\"linenums\"> \u201cWhen our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8:00 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.\u00a0<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3239027\/apple-mac\/apple-apologizes-issues-mac-login-security-patch.html#jump\">To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[11078,11271,714],"class_list":["post-10658","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-apple-mac","tag-operating-systems","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/10658","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=10658"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/10658\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/m
edia?parent=10658"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=10658"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=10658"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}