Apple Patches Critical Mac Flaw: What to Do

  • MORE

Apple issued a new patch for macOS 10.13 High Sierra this morning (Nov. 29), and you should apply the patch as soon as possible. The fix takes care of a massive security vulnerability that became public yesterday (Nov. 28) and allows anyone to gain root access to a Mac without any password.

$ 3205271511973529

The fix, entitled Security Update 2017-001, is available to users on macOS High Sierra version 10.13.1. To apply it, simply go into the App Store application, wait for the update to appear, and then authorize its download and installation.  (You'll have to enter the user name and password of an administrator account if you're not already running in one.)

"A logic error existed in the validation of credentials," Apple's security-update note reads. "This was addressed with improved credential validation."

The vulnerability was disclosed on Twitter yesterday afternoon Eastern time by Turkish app developer Lemi Orhan Egan, although it later became apparent that Apple developers had already been quietly discussing the flaw in online forums for a couple of weeks.

The patch came less than 24 hours after Egan's tweet. Prior to the fix, Apple recommended users protect against exploits of the flaw by simply adding a password to root account on their Macs.





Author Bio
Andrew E. Freedman
Andrew E. Freedman,
Andrew joined in 2015, reviewing computers and keeping up with the latest news. He holds a M.S. in Journalism (Digital Media) from Columbia University. A lover of all things gaming and tech, his previous work has shown up in Kotaku, PCMag and Complex, among others. Follow him on Twitter @FreedmanAE.
Andrew E. Freedman, on