Security problems on macOS High Sierra continue. A bug in Apple's operating system was recently made public after a Twitter user exposed a vulnerability that allowed basically anyone to access Macs using only the username "root" without entering so much as a password.
To Apple's credit, it acted quickly by releasing a security patch for affected machines, but new reports suggest that the patch was rushed because it's nearly buggy as the OS it's designed to repair.
macOS High Sierra Security Patch Fail
As Wired reports, Apple scrambled to release a macOS High Sierra security update earlier this week to patch up a critical flaw in the system's login process, which, as mentioned, allowed anyone to unlock Macs without even entering a password. All Macs running High Sierra appeared to be affected. There was no exception, meaning it was a glaring mistake on Apple's end and not just an isolated case.
Multiple Mac users now report that the patch itself has a glitch. Those who have Macs running High Sierra 10.13.0, an older version, have found that downloading the security patch solves the critical problem, but when they update to the latest version of High Sierra, 10.13.1, the root bug resurfaces, undoing the patch's effectivity. Worse, reinstalling the security update doesn't seem to fix anything until the system is rebooted, but no such warning comes.
Even if a Mac user reinstalls the security update after updating to macOS High Sierra 10.13.1 — and actually, Apple will automatically install it no matter what — users could still be at risk, according to Thomas Reed, a security researcher at MalwareBytes focused on Apple products.
"I installed the update again from the App Store, and verified that I could still trigger the bug. That is bad, bad, bad," said Reed. "Anyone who hasn't yet updated to 10.13.1, they're now in the pipeline headed straight for this issue."
Was Apple Simply Sloppy?
Apple has yet to address the issue in which the root bug resurfaces after updating the OS. Even if it's not as abysmal as the original root bug, this still reflects badly on the security of Apple's OS, which the company has long boasted as one of the elements that make Macs better than PCs.
As Apple Insider notes, the glitch isn't as concerning as the original issue it's meant to patch, but it does show Apple's sloppiness in getting its code right. Just this past September, Apple overlooked a massive macOS High Sierra security flaw that allowed hackers to steal passwords. How these extremely critical issues even managed to bypass the company's security checks in the first place is still uncertain, but for now, to keep your Mac safe, make sure to reboot your system after updating to the latest version of High Sierra and then downloading the security patch.