Apple‘s just released a new security update for macOS High Sierra that fixes the big security vulnerability that allows people to gain administrator access without a password.
If you wish to install the update, all you need to do is go to the Updates tab at the Mac App Store and install the new fix. Granted the flaw shouldn’t have happened in the first place but Apple managed to get a fix out relatively quickly.
For those not in the know, the security flaw affected all mac machines running on the latest High Sierra version 10.13.1 — 17B48, which allowed people with physical access to the machine bypass all security screen by just entering the root username.
If you don’t want to manually make the update, Apple will automatically roll it out today to those affected.
UPDATE: Apple has issued a statement on the matter:
Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.
When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.
We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.
[SOURCE]