New security update fixes macOS root bug

Samuel Axon

from Ars Technica - All content on 2017-11-29 17:41 (#39B3S)

Enlarge (credit: Samuel Axon)

Yesterday we learned that Apple had made a serious security error in macOS-a bug that, under certain conditions, allowed anyone to log in as a system administrator on a Mac running High Sierra by simply typing in "root" as the username and leaving the password field blank. Apple says that vulnerability has now been fixed with a security update that became available for download this morning on the Mac App Store. Further, the update will automatically be applied to Macs running High Sierra 10.13.1 later today.

Apple's brief notes for this security update (Security Update 2017-001) explain the bug by saying, "A logic error existed in the validation of credentials," and claims the problem has been addressed "with improved credential validation."

Apple shared the following statement with Ars:

Read 1 remaining paragraphs | Comments

index?i=PgNvvbR3Kkg:ygYiFO-4RHY:V_sGLiPB

index?i=PgNvvbR3Kkg:ygYiFO-4RHY:F7zBnMyn

Source	RSS or Atom Feed
Feed Location	http://feeds.arstechnica.com/arstechnica/index
Feed Title	Ars Technica - All content
Feed Link	https://arstechnica.com/