PSA: If You Upgrade to macOS High Sierra 10.13.1, You'll Need to Reinstall Apple's Root Security Fix

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Dec 1, 2017.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1


    Mac owners who are still running macOS High Sierra 10.13 and who have already installed Apple's root security fix on that version of the operating system will need to install it once again upon upgrading to macOS 10.13.1, reports Wired.

    Security researchers running a patched version of the original macOS High Sierra update, 10.13.0, told Wired that the root bug was reintroduced upon installing the macOS 10.13.1 update. After updating, they needed to install Apple's security patch again. Even that didn't fix the issue until their machines were rebooted.

    The root fix, released on Wednesday for macOS High Sierra 10.13.0 and 10.13.1, addresses a serious vulnerability that was first discovered a day earlier on Tuesday. The bug enabled the root superuser on a Mac with a blank password and no security check, letting anyone bypass the security of an admin account with the username "root" and no password.

    While the security update successfully fixes the issue, it appears Apple may not have released a modified and patched version of macOS 10.13.1, so customers who installed the update on 10.13 might think they're protected upon updating to 10.13.1, but they're not. Instead, the bug is fully re-introduced.

    Apple may fix this problem now that the oversight has been pointed out, but in the meantime, customers upgrading from macOS High Sierra 10.13 to 10.13.1 should make sure to download the security update a second time and restart to be certain the root vulnerability is patched.

    This won't be an issue when the macOS High Sierra 10.13.2 update is released, as Apple patched the bug in the macOS High Sierra 10.13.2 beta that was released this morning.

    Article Link: PSA: If You Upgrade to macOS High Sierra 10.13.1, You'll Need to Reinstall Apple's Root Security Fix
     
  2. farewelwilliams macrumors 68000

    Joined:
    Jun 18, 2014
  3. Krafty macrumors 601

    Krafty

    Joined:
    Dec 31, 2007
    Location:
    La La Land
  4. scrapesleon macrumors 6502a

    scrapesleon

    Joined:
    Mar 30, 2017
    Location:
    Jamaica
    #5
    Can 2017 be over already? Horrible software year.
     
  5. 2010mini macrumors 68040

    Joined:
    Jun 19, 2013
    #6
    I have the new patch and it breaks Safari and Spotlight. Both keep crashing.
     
  6. InuNacho macrumors 65816

    InuNacho

    Joined:
    Apr 24, 2008
    Location:
    In that one place
  7. thadoggfather macrumors G4

    thadoggfather

    Joined:
    Oct 1, 2007
    #8
    It just works:

    After applying patch, then a patch to fix the patch’s issues.

    Then go .1, rinse and repeat

    Just in case it doesn't you can run some terminal commands

    Weeee
     
  8. Vasilioskn macrumors regular

    Vasilioskn

    Joined:
    Jun 30, 2010
    Location:
    New York
  9. CyberBob859 macrumors 6502

    CyberBob859

    Joined:
    Jun 13, 2007
    #10
    Oh, it can get worse.

    Applying the security patches has made Safari and Spotlight completely unusable for me now. I get constant crashes, and I can't figure out how to solve this.

    High Sierra is a POS.
     
  10. macsrcool1234 macrumors 65816

    Joined:
    Oct 7, 2010
  11. ebow macrumors 6502a

    ebow

    Joined:
    Apr 30, 2001
    Location:
    Trapped in a world before later on
    #12
    Oh, I'm supposed to reboot? WTF, thanks for not mentioning that, Apple.
     
  12. iapplelove macrumors 601

    iapplelove

    Joined:
    Nov 22, 2011
    Location:
    East Coast USA
    #13
    It only shows it was downloaded once for me in my last 30 days update history, even though the second patch was automatically updated tonight.

    But when I reboot the machine it shows update available lol. If I try updating it gives me an error saying already downloaded.
     
  13. antiprotest macrumors 65816

    antiprotest

    Joined:
    Apr 19, 2010
    #14
    For a while I have been irritated at Apple, but their incompetence has reached a point that I am beginning to be impressed.
     
  14. UL2RA Suspended

    Joined:
    May 7, 2017
    #15
    It didn't break anything here, fortunately ... but good grief.
     
  15. magicschoolbus macrumors 65816

    magicschoolbus

    Joined:
    May 27, 2014
  16. 1rottenapple macrumors 68000

    Joined:
    Apr 21, 2004
    #17
    What a shame. It’s like Michael Jordan playing for the Washington Wizards after the Bulls run. That’s where Apple is. Or Kobe’s final year losing constantly. Or Mike Tyson biting ears or Michael Jackson nose changing. That’s you Apple 2017.
     
  17. thadoggfather macrumors G4

    thadoggfather

    Joined:
    Oct 1, 2007
    #18
    Tempted to skip this release entirely at this point, even tho it's on a separate partition

    Juice isn't worth the squeeze
     
  18. teknishn macrumors 6502

    Joined:
    Nov 16, 2006
    #19
    I don't excuse Apple for this one, but I have a hard time getting worked up over it. This bug brings the current version of MacOS (unpatched) to the level of Windows without UAC enabled, which is basically the norm. After that, I really don't intend to allow others physical access to my systems to exploit this. Seriously, we can stop the arm waving.
     
  19. sziehr macrumors 6502a

    Joined:
    Jun 11, 2009
    #20
    So Apple we need Craig out in front of a group of reporters with a full-throated apology and promise to never let this happen again. I also want to know what new levels of auditing they are going to do. This is beyond unacceptable. I use OS X in large part to the security and ease of use of said security. I am worked up due to the fact they used to not have these sort of issues.
     
  20. chrfr macrumors 604

    Joined:
    Jul 11, 2009
    #21
    For the typical home computer, this is not a real big concern. For computers in shared environments, or in environments where the users are given limited privileges, this is a huge problem.
     
  21. Glideslope, Dec 1, 2017
    Last edited: Dec 1, 2017

    Glideslope macrumors 603

    Glideslope

    Joined:
    Dec 7, 2007
    Location:
    A quiet place in NY.
    #22
    Such a damning confirmation that Apple no longer cares about the Mac. :apple:
     
  22. quietstormSD macrumors 6502a

    quietstormSD

    Joined:
    Mar 2, 2010
    Location:
    San Diego, CA
    #23
    Back in my day we had to put a little bit of elbow grease into these things to fix em! Well maybe before my day but yeah! Restart, restart, restart... whew it works!
     
  23. cw75 macrumors member

    cw75

    Joined:
    Sep 6, 2009
    Location:
    Texas
    #24
    Apple must have removed this patch as their website keeps bouncing me back and forth between two different pages, neither of which has a link to download. It also does not appear in the app store's Updates.
     
  24. 1rottenapple macrumors 68000

    Joined:
    Apr 21, 2004
    #25
    I know. They don’t have an intern there that’s like, hey Scumbag. Install the update and try the root bug. See if it’s fixed.
     
