Yesterday a serious security flaw in macOS High Sierra was discovered that let someone with access to a Mac running Apple’s latest OS gain root access to the its data. Today, Apple released Security Update 2017-001, which fixes the issue. The release notes to the update describe the issue as follows:
Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password
Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation.
In a comment to Rene Ritchie of iMore.com, Apple said:
Apple’s comment:
“We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.” pic.twitter.com/I8U5q58SDw
— Rene Ritchie (@reneritchie) November 29, 2017
Needless to say, this is an important update that should be installed as soon as possible.