Apple swiftly releases patch fixing macOS High Sierra’s login vulnerability, breaks file sharing feature for some users

By Shubham Sharma | Updated Nov 30 2017
HIGHLIGHTS

The software patch will be automatically downloaded on Macs running the latest version (10.13.1) of macOS High Sierra. It fixes the flaw which allows anyone to access the root/admin account by simply entering “root” as the admin username.


Apple has quickly released a patch to fix the macOS High Sierra login vulnerability which was discovered yesterday. The update fixes the bug which allowed anyone to log in as an administrator or into the root account without entering any password. Apple had acknowledged the flaw, apologised and promised to issue a software update soon, but the patch seems to have introduced a new bug which prevents some Mac users from authenticating or connecting to file shares.

Apple published a support document explaining how to fix the file share feature, which is not working for some Mac users after patching with the new update. Users simply need to follow these steps:

  • Open the Terminal app, which is in the Utilities folder under your Applications folder.
  • Type “sudo /usr/libexec/configureLocalKDC” (without quotes) in the Terminal window and press Return.
  • Enter your administrator password, press Return, and quit Terminal.

Apple, in a statement to 9to5Mac, said, “Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS. We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.”

The admin login security flaw in macOS High Sierra allowed anyone to access the root/admin account by simply entering “root” as the username and leaving the password field blank. The root account has elevated privileges, with full access to system files along with read and write privileges. Apple previously recommended setting a custom password for the admin account until it rolled out the patch to fix the flaw. The company has also urged its customers to install the new software fix as soon as possible.
