Apple has released a software patch for a vulnerability that made accessing a device running macOS High Sierra trivial.
The Apple Security Updates page for Security Update 2017-001 confirms that the patch is for the so called #IAmRoot vulnerability.
“A logic error existed in the validation of credentials. This was addressed with improved credential validation,” said the Cupertino firm.
Users are urged to download the patch as soon as possible but according to The Verge the patch is being installed automatically on all systems running macOS High Sierra.
Important to note: only version 10.13.1 was affected by this flaw. Earlier versions of the OS were not impacted according to Apple but we wouldn’t take any risks.
Once the patch is installed the build number of the operating system should be 17B1002 or higher with build 17B1003 containing additional bug fixes.
As one might expect Apple is rather sheepish about this whole affair. The firm apologised to its users and reassured them that security is a top priority for the firm.
“We greatly regret this error and we apologise to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again,” Apple said in a statement.
Users that have patched their systems that require the ‘root’ user will need to re-enable the account after patching.