Yep did that a few days ago. I have theepatch, got it I think on wednesday?
Take care
On Dec 2, 2017, at 10:59 AM, Mary Otten <motten53@xxxxxxxxx> wrote:
PSA: Upgrading to macOS 10.13.1 will undo Apple’s patch for critical root
vulnerability
9to5Mac / Chance Miller
<https://9to5mac.com/2017/12/02/macos-10-13-1-root-hole-bug/>
While Apple was commended for its overnight fix
<https://9to5mac.com/2017/11/29/macos-root-fix/> of the critical macOS root
security hole <https://9to5mac.com/2017/11/28/how-to-set-root-password/>
earlier this week, updates that are developed so quickly rarely come without
issues <https://9to5mac.com/2017/11/29/how-to-fix-macos-file-share/>. Wired
this morning reports
<https://www.wired.com/story/macos-update-undoes-apple-root-bug-patch/> that
if you were running macOS High Sierra 10.13.0 when you installed the update,
and then update to High Sierra 10.13.1, the security update will reverse
itself…
The report cites several users who have experienced this issue. Essentially,
if you were behind and hadn’t updated to macOS 10.13.1 yet, you need to be
sure to reinstall the security patch that Apple released earlier this week
for the root hole.
Furthermore, however, the root security fix doesn’t reinstall as seamlessly
for those who are installing again after updating their machine to macOS
10.13.1. Wired’s report explains that users are having to reboot their Mac in
order for the security patch to stick.
When Apple originally released the security update earlier this week, it was
sure to tout that it didn’t require a reboot in order to get as many users to
upgrade as possible. Furthermore, for those installing again after updating
to macOS 10.13.1, Apple doesn’t say that a reboot is required. This means
that, unless a user specifically tests the root bug, they won’t realize the
security fix actually hasn’t stuck.
Thomas Reed, an Apple researcher at security firm MalwareBytes, explained to
Wired:
After Reed confirmed that 10.13.1 reopened the “root” bug, he again installed
Apple’s security fix for the problem. But he found that, until he rebooted,
he could even then type “root” without a password to entirely bypass High
Sierra’s security protections.
“I installed the update again from the App Store, and verified that I could
still trigger the bug. That is bad, bad, bad,” says Reed. “Anyone who hasn’t
yet updated to 10.13.1, they’re now in the pipeline headed straight for this
issue.”
Apple has yet to comment on this newfound issue. It would seem that the
company could re-release the security patch for those users who upgrade, but
that remains to be seen. Have you noticed this flaw on your machine? Let us
know down in the comments.
Subscribe to 9to5Mac on YouTube for more Apple news: ;
<https://www.youtube.com/c/9to5mac?sub_confirmation=1>
Original Article: https://9to5mac.com/2017/12/02/macos-10-13-1-root-hole-bug/ ;
<https://9to5mac.com/2017/12/02/macos-10-13-1-root-hole-bug/>
Sent from my iPhone
