Apple exposes patch-fixing MacOS High Sierra login vulnerabilities,
The software patch will be downloaded automatically on Mac running the latest version (10.13.1) of Max High Sierra and it fixes the bug that allows anyone to access the root / admin account by entering “root” as admin username.
Apple has released a patch to quickly fix the MacOS High Sierra login vulnerability that was discovered yesterday. The update fixes a bug that allows anyone to log in as an administrator or without a password to the root account. Apple acknowledged the error, apologized and promised to issue a software update soon, but the patch seems to have introduced a new bug that prevented some Mac users from authenticating or connecting for file sharing.
Apple has released a support document explaining how to fix the file share feature, which is not working for some Mac users after being patched with a new update. Users only need to follow these steps:
- Open the Terminal app in the Utilities folder under your Applications folder.
- In the terminal window type “sudo / usr / libexec / configureLocalKDC” (without quotes) and press return.
- Enter your administrator password and press Return and exit the terminal.
Apple said in a statement to 9to5Mac, “Security is a top priority for every Apple product, and sadly we have stumbled upon this release of MacOS. We are very sorry for this error and we apologize to all Mac users, both for releasing this vulnerability. “It simply came to our notice then.
Admin Login Security Error in MacOS High Sierra Allows anyone to access root / admin account by typing “root” as username and leaving the field blank. The root account has the added benefit of having full access to system files, including the privilege of reading and writing. Apple had previously recommended setting a custom password for the admin account, until they rolled out the patch to fix it. The company urges its customers to install new software fixes as soon as possible.