In the course of this morning we have youmade aware in macOS High Sierra. Apple has now responded and released the security update 2017-001 for macOS High Sierra 10.13.1.
macOS High Sierra. Apple closes critical “root” security gap
That was fast. On the night of today, a security vulnerability in macOS High Sierra became known. Attackers were able to gain root access to the system. Instead of entering the name of the owner with the associated password, only the user name “root” and an empty password had to be entered.
Now the Security Update 2017-001 is available as a download. You can install it in the usual way via the Mac App Store. Go to the Mac App Store and follow the updates section and you should be offered the security update.
In the associatedIt says that the update for macOS 10.13.1 is available. macOS Sierra 10.12.6 or earlier are not affected by the vulnerability. In our case, the download was 1.7MB in size. Apple recommends installing the security update to all Mac users,