Apple has issued an apology 'to all Mac users' following the discovery of a major root password vulnerability discovered in macOS High Sierra. The company has also released a security update which will be automatically installed on all systems running High Sierra 10.13.1.
---
Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.
When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.
We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.
---
Security Update 2017-001
● Available for: macOS High Sierra 10.13.1
● Not impacted: macOS Sierra 10.12.6 and earlier
● Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password
● Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation.
● CVE-2017-13872
When you install Security Update 2017-001 on your Mac, the build number of macOS will be 17B1002.
Read More [via MacRumors]
---
Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.
When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.
We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.
---
Security Update 2017-001
● Available for: macOS High Sierra 10.13.1
● Not impacted: macOS Sierra 10.12.6 and earlier
● Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password
● Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation.
● CVE-2017-13872
When you install Security Update 2017-001 on your Mac, the build number of macOS will be 17B1002.
Read More [via MacRumors]