A dangerous and rudimentary security flaw in Apple’s macOS High Sierra returns when users update to the latest version of the operating system.
Last week, Apple rushed to release a security patch after unauthorised users were able to gain administrator-level access to Macs simply by typing the words “root” into the system username field. No password was required.
However, some users who installed the patch have seen it reoccur after upgrading to the latest version of the High Sierra.
Related: Best laptops
Wired reports users on macOS 10.13.0 who downloaded the patch before updating to 10.13.1 may still vulnerable to the flaw.
Those who download the patch again after updating to 10.13.1 are still at risk unless they reboot the computer. Until today, Apple offered no warning a reboot was needed to resolve the issue.
“It’s really serious, because everyone said ‘hey, Apple made a very fast update to this problem, hooray,’” software engineer Volker Chartier told Wired. “But as soon as you update [to 10.13.1], it comes back again and no one knows it.”
Thomas Reed of Malwarebites confirmed the bug was still at large following Apple’s latest update.
He added: “I installed the update again from the App Store, and verified that I could still trigger the bug. That is bad, bad, bad. Anyone who hasn’t yet updated to 10.13.1, they’re now in the pipeline headed straight for this issue.”
“We stumbled”
Last week Apple had apologised for the uncharacteristic error and promised to hold itself to higher standards. However, it appears in the rush to get the fix out, the error was confounded.
Last Wednesday an Apple spokesperson said: “Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.
“We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.”
Apple is yet to comment on this latest development. However, the firm did add the following to the release notes for its security patch: “If you recently updated from macOS High Sierra 10.13 to 10.13.1, reboot your Mac to make sure the Security Update is applied properly.”
Do you still trust macOS after this egregious error? Drop us a line @TrustedReviews on Twitter.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.
