Apple Patches Critical Mac Flaw: What to Do
Apple issued a new patch for macOS 10.13 High Sierra this morning (Nov. 29), and you should apply the patch as soon as possible. The fix takes care of a massive security vulnerability that became public yesterday (Nov. 28) and allows anyone to gain root access to a Mac without any password.
The fix, entitled Security Update 2017-001, is available to users on macOS High Sierra version 10.13.1. To apply it, simply go into the App Store application, wait for the update to appear, and then authorize its download and installation. (You'll have to enter the user name and password of an administrator account if you're not already running in one.)
"A logic error existed in the validation of credentials," Apple's security-update note reads. "This was addressed with improved credential validation."
The vulnerability was disclosed on Twitter yesterday afternoon Eastern time by Turkish app developer Lemi Orhan Egan, although it later became apparent that Apple developers had already been quietly discussing the flaw in online forums for a couple of weeks.
The patch came less than 24 hours after Egan's tweet. Prior to the fix, Apple recommended users protect against exploits of the flaw by simply adding a password to root account on their Macs.
Mac to PC Guide: How to Make the Switch