49
Apple Releases Fix for High Sierra Root Login Bug

Statement I received from an Apple spokesperson, just a few minutes ago:

Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.

When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8:00 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.

We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.

Quick turnaround, and a strong apology. The bug never should have happened, but given that it did, you couldn’t ask for a better, faster response. To my memory, this is only the second time Apple has used MacOS’s automatic — that is to say, non-optional — update mechanism. The other was the NTP Security Update in 2014, that affected Mac OS X 10.8 through 10.10.

Wednesday, 29 November 2017