Apple on November 29 released Security Update 2017-001 to fix a serious vulnerability that enabled access to the root superuser account with a blank password on any of the Mac conputers running macOS High Sierra version 10.13.1.
This bug was discovered in Apple's MacOS High Sierra version on November 28. In simple words, this bug allowed anyone with access to a Mac to log in as the "root" user without providing any password.
This is highly unsafe because the "root" user has read and write permissions to all the files on Mac, including system files.
According to Mac Rumors, the critical bug, which gained attention after it was tweeted by developer Lemi Ergin, let anyone gain administrator privileges by simply entering the username "root" and a blank password in System Preferences > Users & Groups.
Apple has already issued a fix for this security problem as part of a new security update for Macs that is now available to download and install. Moreover, this security patch will be automatically pushed to all the devices running MacOs High Sierra on Thursday, November 30.
Apple has since apologised for the vulnerability in a statement issued to MacRumors: "Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.
"When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8 am, the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.
"We greatly regret this error and we apologise to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again."
