MacOS High Sierra security flaw fixed

Apple's support document shows how to fix the file-sharing feature that was broken by a patch for a critical login flaw

Lemi Orhan Ergin on Twitter: "Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra

Computer experts revealed a critical security hole in Apple's Macintosh High Sierra operating system on Tuesday, which allowed any user to gain full access to a locked computer by simply typing a word into the login window.

In a statment, the firm said: "Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS".

The latest version of MacOS will automatically download the update.

"We are working on a software update to address this issue", Apple said in a statement to news outlets.

"This morning, the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of MacOS High Sierra", it added.


The macOS High Sierra bug was discovered last week by a member of the infrastructure staff at iyzico, a Turkish payment management platform provider, according to Lemi Orhan Ergin, a "software craftsman" at the company.

There are hackable security flaws in software.

"The Mac OS High Sierra "root" user bug is insane. just tried it for myself & can not believe it actually worked", tweeted programmer William LeGate. To exploit the vulnerability, someone with access to the computer can type "root" and no password in the Users & Groups section of System Preferences.

The developer noted that the bug allowed anyone to access the computer's deepest level which is known as "root" privileges. "Normally you'd click that to enter your username and password, which are required to change important settings like those in Security & Privacy". "This is best, easiest way ever to get root, and Apple has handed it to them on a silver platter".

Reports of the flaw began circulating Tuesday after security researchers found the vulnerability. WIRED also independently confirmed the bug.

Latest News