Apple has quickly released an update to fix a security flaw in macOS High Sierra that enables guests to have full admin access to a locked Mac without providing so much as a password — users simply had to input the username "root" to get such access.
macOS High Sierra Security Patch Now Rolling Out
Apple is encouraging users to install the patch immediately. Mac users running the latest version of macOS High Sierra should probably follow Apple's advice lest they risk their machines from being compromised. The security flaw actually wouldn't work without physical access to a Mac, but it's better to be safe than sorry.
The urgency and severity of the security mishap can never be more apparent. It's clear that Apple did not see this coming. The Cupertino tech firm hasn't explained how they could have overlooked such a critical vulnerability within the operating system, though.
Apple wants the fix applied to all systems running macOS High Sierra, so it's making it a mandatory update in all affected systems. The ease with which a Mac system can be exploited using the security flaw is actually quite surprising, especially for a company that often boasts its focus on security and user privacy. It's pretty transparent how disappointed Apple is with itself over the flub.
"Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS," said Apple in a statement.
"We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused."
How To Install The macOS High Sierra Security Update
The update is available for all Mac running macOS High Sierra 10.13.1. Those with macOS Sierra 10.12.6 and earlier don't seem to be affected. Of the flaw itself, Apple says "[a] logic error existed in the validation of credentials."
Founder of Software Craftsmanship Turkey Lemi Orhan Ergin first made the issue publicly known via Twitter on Tuesday, Nov. 28. Apple promptly addressed the issue by sharing step-by-step instructions to safeguard Macs against the "root" password loophole.
Thoughts on the macOS High Sierra security flaw and how fast Apple's response came? As always, feel free to sound off in the comments section below!