
MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,560
30,891



Mac owners who are still running macOS High Sierra 10.13 and who have already installed Apple's root security fix on that version of the operating system will need to install it once again upon upgrading to macOS 10.13.1, reports Wired.

Security researchers running a patched version of the original macOS High Sierra update, 10.13.0, told Wired that the root bug was reintroduced upon installing the macOS 10.13.1 update. After updating, they needed to install Apple's security patch again. Even that didn't fix the issue until their machines were rebooted.

Those who had not yet upgraded their operating system from the original version of High Sierra, 10.13.0, to the most recent version, 10.13.1, but had downloaded the patch, say the "root" bug reappears when they install the most recent macOS system update.

And worse, two of those Mac users say they've also tried re-installing Apple's security patch after that upgrade, only to find that the "root" problem still persists until they reboot their computer, with no warning that a reboot is necessary.
The root fix, released on Wednesday for macOS High Sierra 10.13.0 and 10.13.1, addresses a serious vulnerability that was first discovered a day earlier on Tuesday. The bug enabled the root superuser on a Mac with a blank password and no security check, letting anyone bypass the security of an admin account with the username "root" and no password.

While the security update successfully fixes the issue, it appears Apple may not have released a modified and patched version of macOS 10.13.1, so customers who installed the update on 10.13 might think they're protected upon updating to 10.13.1, but they're not. Instead, the bug is fully re-introduced.

Apple may fix this problem now that the oversight has been pointed out, but in the meantime, customers upgrading from macOS High Sierra 10.13 to 10.13.1 should make sure to download the security update a second time and restart to be certain the root vulnerability is patched.

This won't be an issue when the macOS High Sierra 10.13.2 update is released, as Apple patched the bug in the macOS High Sierra 10.13.2 beta that was released this morning.

Article Link: PSA: If You Upgrade to macOS High Sierra 10.13.1, You'll Need to Reinstall Apple's Root Security Fix
 

iapplelove

Suspended
Nov 22, 2011
5,324
7,638
East Coast USA
It only shows it was downloaded once for me in my last 30 days update history, even though the second patch was automatically updated tonight.

But when I reboot the machine it shows update available lol. If I try updating it gives me an error saying already downloaded.
 

1rottenapple

macrumors 601
Apr 21, 2004
4,702
2,719
What a shame. It’s like Michael Jordan playing for the Washington Wizards after the Bulls run. That’s where Apple is. Or Kobe’s final year losing constantly. Or Mike Tyson biting ears or Michael Jackson nose changing. That’s you Apple 2017.
 

teknishn

macrumors 6502
Nov 16, 2006
372
107
I don't excuse Apple for this one, but I have a hard time getting worked up over it. This bug brings the current version of MacOS (unpatched) to the level of Windows without UAC enabled, which is basically the norm. After that, I really don't intend to allow others physical access to my systems to exploit this. Seriously, we can stop the arm waving.
 

sziehr

macrumors 6502a
Jun 11, 2009
744
857
So Apple, we need Craig out in front of a group of reporters with a full-throated apology and promise to never let this happen again. I also want to know what new levels of auditing they are going to do. This is beyond unacceptable. I use OS X in large part due to the security and ease of use of said security. I am worked up due to the fact they used to not have these sorts of issues.
 

chrfr

macrumors G5
Jul 11, 2009
13,520
7,045
teknishn said:
I don't excuse Apple for this one, but I have a hard time getting worked up over it. This bug brings the current version of MacOS (unpatched) to the level of Windows without UAC enabled, which is basically the norm. After that, I really don't intend to allow others physical access to my systems to exploit this. Seriously, we can stop the arm waving

For the typical home computer, this is not a real big concern. For computers in shared environments, or in environments where the users are given limited privileges, this is a huge problem.
 

quietstormSD

macrumors 65816
Mar 2, 2010
1,224
593
San Diego, CA
Back in my day we had to put a little bit of elbow grease into these things to fix em! Well maybe before my day but yeah! Restart, restart, restart... whew it works!
 

cw75

macrumors member
Sep 6, 2009
35
12
Texas
Apple must have removed this patch as their website keeps bouncing me back and forth between two different pages, neither of which has a link to download. It also does not appear in the app store's Updates.
 