New security update fixes macOS root bug | Ars Technica

New security update fixes macOS root bug | Ars Technica – If you came across this in the past 24 hours, or earlier even, you will be relieved to learn it has been patched. It is hard to recall a more shockingly simple bug which such brutal implications. If you ever wondered about so-called ‘zero-day’ vulnerabilities, here is a case in point.

Get on to that update…

Yesterday we learned that Apple had made a serious security error in macOS—a bug that, under certain conditions, allowed anyone to log in as a system administrator on a Mac running High Sierra by simply typing in “root” as the username and leaving the password field blank. Apple says that vulnerability has now been fixed with a security update that became available for download this morning on the Mac App Store. Further, the update will automatically be applied to Macs running High Sierra 10.13.1 later today.

Permalink