Yesterday a very nasty bug was discovered in Apple’s macOS High Sierra, the latest version of its software for computers. In short, this bug allowed anyone with access to your computer to log in as the ‘root’ user. That’s bad, because the ‘root’ user has access to everything and read and write permissions on all the files on your Mac, including system files.
Thankfully, Apple has already issued a fix for this problem, which is part of a new security update for Macs that is now available to download and install. This patch will be automatically pushed to and installed onto devices running macOS High Sierra later today.
The company was certainly quick to resolve the vulnerability, but it’s still baffling how something so obviously bad managed to ship. For what it’s worth, Apple has released the following apology:
Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.
When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8:00 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.
We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.
Source | Via