Apple Update Undoes MacOS Root Password Fix

There were red faces at Apple after it slipped up once again in a very public way with the latest version of its macOS (High Sierra) operating system.

Last week the company patched a serious root bug that could have allowed anyone to access a Mac system, but it turns out the problem can return.

This latest development is a further setback to Apple’s security credentials, which until the last several years had enjoyed a solid reputation.

Half Baked Fix?

The root flaw came to light late last month: anyone running an Apple Mac with versions 10.13 and 10.13.1 of its latest operating system (known as High Sierra) could be exposed to a serious flaw involving admin privileges.

Essentially, the flaw could have allowed admin access to Apple Macs by using the username ‘root’ and no password, which bypasses (in some cases remotely) local security settings.

Apple rushed out a patch within 18 hours of the flaw being reported, and advised all Mac users running macOS High Sierra to download ‘Security Update 2017-001’ immediately.

But now multiple Apple Mac users have confirmed to Wired magazine that the software fix may not actually fix the problem. Indeed, the publication found that the bug returns if Mac owners upgrade to the latest version of High Sierra after they have applied the patch.

If a user upgraded to High Sierra 10.13.1 and did not reboot the Apple Mac (a common practice among Mac users), then the bug would return.

“Even if a Mac user knew to reinstall the security patch after they upgraded High Sierra – and in fact, Apple would eventually install that update automatically, as it has for other users affected by the ‘root’ bug – they could still be left vulnerable,” Thomas Reed, a security researcher at Malwarebytes, told Wired.

Reed confirmed that 10.13.1 reopened the “root” bug, and he again installed Apple’s security fix for the problem. But he found that, until he rebooted, he could even then type “root” without a password to entirely bypass High Sierra’s security protections.

“I installed the update again from the App Store, and verified that I could still trigger the bug,” he is reported to have said. “That is bad, bad, bad. Anyone who hasn’t yet updated to 10.13.1, they’re now in the pipeline headed straight for this issue.”

Apple has not commented publicly on the issue, but it has updated its support page with an extra warning.

“If you recently updated from macOS High Sierra 10.13 to 10.13.1, reboot your Mac to make sure the Security Update is applied properly,” it said.

Apple Security

This is not the first bug discovered in the macOS High Sierra operating system.

In October a flaw was discovered that could have allowed anyone to gain access to encrypted hard disk volumes. That issue meant that when a user requested a password hint for certain encrypted volumes the operating system instead displayed the entire password.

Yet despite this, Apple has enjoyed a good security reputation for many years, although flaws, bugs and vulnerabilities are increasingly being discovered and patched.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
