Apple has quickly released a patch for the macOS High Sierra login vulnerability that was discovered yesterday. The update fixes the bug that allowed anyone to log in as an administrator or into the root account without entering any password. Apple had acknowledged the flaw, apologised and promised to issue a software update soon, but the patch seems to have introduced a new bug that prevents some Mac users from authenticating or connecting to file shares.
Apple published a support document explaining how to repair file sharing, which stopped working for some Mac users after they installed the new update. Users simply need to follow these steps:
- Open the Terminal app, which is in the Utilities folder under your Applications folder.
- Type “sudo /usr/libexec/configureLocalKDC” (without quotes) in the Terminal window and press Return.
- Enter your administrator password, press Return, and quit Terminal.
Apple, in a statement to 9to5Mac, said, “Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS. We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.”
The admin login security flaw in macOS High Sierra allowed anyone to access the root/admin account by simply entering “root” as the username and leaving the password field blank. The root account has elevated privileges, with full access to system files along with read and write privileges. Apple previously recommended setting a custom password for the admin account until it rolled out the patch. The company has also urged its customers to install the new software fix as soon as possible.