Statement I received from an Apple spokesperson, just a few minutes ago:
Security is a top priority for every Apple product, and
regrettably we stumbled with this release of macOS.
When our security engineers became aware of the issue Tuesday
afternoon, we immediately began working on an update that closes
the security hole. This morning, as of 8:00 a.m., the update is
available for download, and starting later today it will be
automatically installed on all systems running the latest version
(10.13.1) of macOS High Sierra.
We greatly regret this error and we apologize to all Mac users,
both for releasing with this vulnerability and for the concern it
has caused. Our customers deserve better. We are auditing our
development processes to help prevent this from happening again.
Quick turnaround, and a strong apology. The bug never should have happened, but given that it did, you couldn’t ask for a better, faster response. To my memory, this is only the second time Apple has used MacOS’s automatic — that is to say, non-optional — update mechanism. The other was the NTP Security Update in 2014, which affected Mac OS X 10.8 through 10.10.
★ Wednesday, 29 November 2017