Updating macOS can bring back the nasty “root” security bug

The serious and surprising root security bug in macOS High Sierra is back for some users, shortly after Apple declared it fixed. Users who had not installed macOS 10.13.1 and thus were running a prior version of the OS when they received the security update, found that installing 10.13.1 resurfaced the bug, according to a report from Wired.

For these users, the security update can be installed again (in fact, it would be automatically installed at some point) after updating to the new version of the operating system. However, the bug is not fixed in that case until the user reboots the computer. Many users do not reboot their computers for days or even weeks at a time, and Apple’s support documentation did not at first inform users that they needed to reboot, so some people may have been left vulnerable without realizing it. The documentation been updated with the reboot step now.

The root bug allows anyone to log in or authenticate as a system administrator on systems running macOS High Sierra by simply typing in the username “root” and leaving the password field blank, in many circumstances. It was a serious bug that drew an uncharacteristically strong apology from Apple, which said its “customers deserve better.”

Read 1 remaining paragraphs | Comments

Ars Technica

Post Author: martin

Martin is an enthusiastic programmer, a webdeveloper and a young entrepreneur. He is intereted into computers for a long time. In the age of 10 he has programmed his first website and since then he has been working on web technologies until now. He is the Founder and Editor-in-Chief of BriefNews.eu and PCHealthBoost.info Online Magazines. His colleagues appreciate him as a passionate workhorse, a fan of new technologies, an eternal optimist and a dreamer, but especially the soul of the team for whom he can do anything in the world.