Well, to their credit, it didn’t take Apple long to fix their horrendous bug that allowed *anyone* to log into computers running macOS High Sierra with admin rights, without needing to know a password.
The security update – which Apple advises should be installed “as soon as possible” – is being pushed out via the Mac App Store.
Here is how Apple is describing the vulnerability:
Available for: macOS High Sierra 10.13.1
Not impacted: macOS Sierra 10.12.6 and earlier
Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password
Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation.
Kudos to Apple for readying a fix so quickly, but a security hole as big as this should never have got past quality control in the first place.