Sidebar Sidebar
Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

macOS High Sierra 10.13.2 Beta 6 Fixes Root Password Vulnerability

MacRumors

MacRumors

macrumors bot
Original poster
Apr 12, 2001
50,100
11,365



The newest beta of macOS High Sierra 10.13.2 fixes a major macOS High Sierra vulnerability that enabled the root superuser on a Mac with no password and no security check.

Apple on Wednesday released a security update to fix the problem on machines running the current release version of macOS High Sierra, 10.13.1, but the bug has remained in macOS 10.13.2 until today.


Developers and public beta testers who are running macOS 10.13.2 should update to beta 6 right away to protect their Macs. MacRumors has confirmed that the vulnerability, which involved entering the username "root" with no password in the Users & Groups section of System Preferences, is no longer functional.

Entering "root" without a password in lieu of an administrator's username and password no longer unlocks a Mac.

When releasing the fix for macOS High Sierra 10.13.1, Apple apologized for the oversight and said it would audit its development processes to prevent something similar from happening in the future.

"We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused," read a statement from Apple provided to MacRumors.

Article Link: macOS High Sierra 10.13.2 Beta 6 Fixes Root Password Vulnerability
 
Article Link
https://www.macrumors.com/2017/12/01/macos-high-sierra-10-13-2-root-fix/
Norbs12

Norbs12

Suspended
Apr 24, 2015
282
789
Mountain View, CA
Anyone know what the second security update was that came out today for non-beta High Sierra? I saw the root update a few days ago and now this too?
 
Martyimac

Martyimac

macrumors 68000
Aug 19, 2009
1,983
1,305
S. AZ.
That's it, I'm done with Apple's beta testing program. Sixth time in a row a beta couldn't be installed. I'm tired of un-enrolling then re enrolling just to get a beta installed.
Three strikes and you are out Apple.
 
Last edited:
J

Jerry Fritschle

macrumors member
Mar 30, 2004
95
100
Norbs12 said:
Anyone know what the second security update was that came out today for non-beta High Sierra? I saw the root update a few days ago and now this too?
Click to expand...
AFAIK, the first update broke file sharing for some users, and the second one addressed that. As with the initial bug, Apple had previously issued a statement with the workaround.
 
  • Like
Reactions: Norbs12
Kaibelf

Kaibelf

Suspended
Apr 29, 2009
2,445
7,436
Silicon Valley, CA
Martyimac said:
That's it, I'm done with Apple's beta testing program. Third time in a row a beta couldn't be installed. I'm tired of un-enrolling then re enrolling just to get a beta installed.
Three strikes and you are out Apple.
Click to expand...

Did you use terminal to install? It’s a lot easier to just use:

sudo softwareupdate -ia

Works very consistently for me and none of that enrollment stuff. That said, you seem to be pretty heated at finding that beta software isn’t perfect at all things. Why even participate if it upsets you like that?
 
K

KPOM

macrumors P6
Oct 23, 2010
15,427
3,862
Martyimac said:
That's it, I'm done with Apple's beta testing program. Third time in a row a beta couldn't be installed. I'm tired of un-enrolling then re enrolling just to get a beta installed.
Three strikes and you are out Apple.
Click to expand...
What Mac are you running? I’ve never had an issue getting a beta installed.
 
Martyimac

Martyimac

macrumors 68000
Aug 19, 2009
1,983
1,305
S. AZ.
Kaibelf said:
Did you use terminal to install? It’s a lot easier to just use:

sudo softwareupdate -ia

Works very consistently for me and none of that enrollment stuff. That said, you seem to be pretty heated at finding that beta software isn’t perfect at all things. Why even participate if it upsets you like that?
Click to expand...
Not that heated, just disgusted. This has become an exercise in frustration. It appears that Apple doesn't care how frustrating they make it for the beta testers. And just checking the reports I have submitted, six (6) times the HS betas have failed to install going back to Oct. 26th, one for each beta step. That is how many bug reports I have submitted on the exact same issue.
I fully understand what beta testing is and I expect bugs. As a matter of act I have submitted 33 bug reports. But I also expect apple to make an attempt to fix them. So to me, it looks like apple doesn't care. Never had this issue with the Sierra, El Capitan or Yosemite betas. And yes, all on the same machine configured the same for all four betas.
As to the terminal install, I am not that savvy and have never heard of your method. Don't bother to explain though. If I cool off and stay as a beta tester, I'll continue on in apples program. That way at least I'm doing it the "official" way.
 
D

Donovan Dillon

macrumors regular
Jan 31, 2014
131
114
Denver, CO
Martyimac said:
Not that heated, just disgusted. This has become an exercise in frustration. It appears that Apple doesn't care how frustrating they make it for the beta testers. And just checking the reports I have submitted, six (6) times the HS betas have failed to install going back to Oct. 26th, one for each beta step. That is how many bug reports I have submitted on the exact same issue.
I fully understand what beta testing is and I expect bugs. As a matter of act I have submitted 33 bug reports. But I also expect apple to make an attempt to fix them. So to me, it looks like apple doesn't care. Never had this issue with the Sierra, El Capitan or Yosemite betas. And yes, all on the same machine configured the same for all four betas.
As to the terminal install, I am not that savvy and have never heard of your method. Don't bother to explain though. If I cool off and stay as a beta tester, I'll continue on in apples program. That way at least I'm doing it the "official" way.
Click to expand...
I’ve been beta testing for years with numerous Macs and have never once encountered the issue you’ve described with any beta including none of the High Sierra betas. This is also the first report I’ve seen of the issue you’re describing. Is it possible that there is an issue with your setup? Have you tried wiping your mini and doing a clean install of the latest stable release, then performing the beta update?
 
Martyimac

Martyimac

macrumors 68000
Aug 19, 2009
1,983
1,305
S. AZ.
Donovan Dillon said:
I’ve been beta testing for years with numerous Macs and have never once encountered the issue you’ve described with any beta including none of the High Sierra betas. This is also the first report I’ve seen of the issue you’re describing. Is it possible that there is an issue with your setup? Have you tried wiping your mini and doing a clean install of the latest stable release, then performing the beta update?
Click to expand...
If you mean completely starting from scratch with no operating system then the answer is no. But then that also means my bug reports should be valid because this issue only started with the HS beta for the .2 release. It did not happen for the .1 betas, not once.
 
Kaibelf

Kaibelf

Suspended
Apr 29, 2009
2,445
7,436
Silicon Valley, CA
Martyimac said:
Not that heated, just disgusted. This has become an exercise in frustration. It appears that Apple doesn't care how frustrating they make it for the beta testers. And just checking the reports I have submitted, six (6) times the HS betas have failed to install going back to Oct. 26th, one for each beta step. That is how many bug reports I have submitted on the exact same issue.
I fully understand what beta testing is and I expect bugs. As a matter of act I have submitted 33 bug reports. But I also expect apple to make an attempt to fix them. So to me, it looks like apple doesn't care. Never had this issue with the Sierra, El Capitan or Yosemite betas. And yes, all on the same machine configured the same for all four betas.
As to the terminal install, I am not that savvy and have never heard of your method. Don't bother to explain though. If I cool off and stay as a beta tester, I'll continue on in apples program. That way at least I'm doing it the "official" way.
Click to expand...

Fair enough, but just for the record the terminal method is far from a hack or anything unofficial. It’s just a basic single command line entry.
 
  • Like
Reactions: Martyimac
Martyimac

Martyimac

macrumors 68000
Aug 19, 2009
1,983
1,305
S. AZ.
Kaibelf said:
Did you use terminal to install? It’s a lot easier to just use:

sudo softwareupdate -ia

Works very consistently for me and none of that enrollment stuff.
Click to expand...
You have my curiosity piqued. I googled what you did and while I can see why it works, wouldn't the end result still produce a couldn't install error?
 
C

ChrisA

macrumors G4
Jan 5, 2006
11,717
488
Redondo Beach, California
Martyimac said:
2011 mini with an OWC SSD. It's only happened the last 6 betas of HS. Never before.
Click to expand...

Why are you upset about finding a bug in a Beta release you should be HAPPY. After all this is the entire point of Beta, to find bugs. So you did something useful. I hope you file a report other then just here.

All those people who say "Works for me>" are actually useless to the beta program It means they did not try hard enough to find bugs.
 
Martyimac

Martyimac

macrumors 68000
Aug 19, 2009
1,983
1,305
S. AZ.
ChrisA said:
Why are you upset about finding a bug in a Beta release you should be HAPPY. After all this is the entire point of Beta, to find bugs. So you did something useful. I hope you file a report other then just here.

All those people who say "Works for me>" are actually useless to the beta program It means they did not try hard enough to find bugs.
Click to expand...
Might I suggest you go back and read post #16.
 
C

ChrisA

macrumors G4
Jan 5, 2006
11,717
488
Redondo Beach, California
justperry said:
Erm, what about...NO, there's no urgency in updating if root is enabled and a password is set.
Click to expand...

It would be interesting to know what their development process is. It likely involves trying to determine how many users are affected by each bug and then ranking the bugs. At least that is what we would do back when I was in the business. I'd have a meeting every week to assign priorities to bugs and feature requests and to sign an engineer to the top ranked bugs.

With Apple it is like also important if the bug effects new computers or only older ones. They like car a lot more about new computers.

That said. Apple is now a cell phone company.
 
BaltimoreMediaBlog

BaltimoreMediaBlog

macrumors 6502a
Jul 30, 2015
951
1,653
DC / Baltimore / Northeast
I don't know if anyone noticed, but this update also lets you format a standard Hard Drive in APFS vs. HFS.

I couldn't do that before. It wasn't an option. I haven't tried it yet. Anyone have some experience doing it?
 
You must log in or register to reply here.

Similar threads

MacRumors
Apple's T2 Security Chip Vulnerable to Attack Via USB-C
Replies
112
Views
6K
MacRumors.com News Discussion
gplusplus
gplusplus
MacRumors
Apple Seeds Fourth Beta of Upcoming macOS Catalina 10.15.6 Update to Developers [Update: Public Beta Available]
Replies
18
Views
3K
MacRumors.com News Discussion
Babygotfont
Babygotfont
MacRumors
Apple Seeds Third Beta of Upcoming macOS Catalina 10.15.6 Update to Developers [Update: Public Beta Available]
Replies
51
Views
5K
MacRumors.com News Discussion
mdatwood
M
MacRumors
Apple Releases macOS Catalina 10.15.5 Supplemental Update With Security Fix
Replies
98
Views
12K
MacRumors.com News Discussion
Populus
Populus
MacRumors
Apple Seeds Second Beta of Upcoming macOS Catalina 10.15.6 Update to Developers
Replies
60
Views
7K
MacRumors.com News Discussion
IAMDAVE1969
IAMDAVE1969
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom