On Wednesday Apple released an update to fix the massive and alarmingly simple security vulnerability in its newest Mac operating system, which researchers exposed Tuesday.
The security flaw allowed literally anyone to log into any computer running macOS High Sierra as a system administrator by typing “root” for the username and then clicking the login button repeatedly with the password field blank. The fix is contained in the new 10.13.1 version of the operating system, which users can download from the Mac App Store now.
In a statement, an Apple spokesperson apologized for the vulnerability.
“Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.
When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8:00 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.
We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.”
Joe Bernstein is a senior technology reporter for BuzzFeed News and is based in New York. Bernstein reports on and writes about the gaming industry and web culture.
Contact Joseph Bernstein at [email protected].