Furthermore, however, the root security fix doesn't reinstall as seamlessly for those who are installing again after updating their machine to macOS 10.13.1.
The vulnerability was disclosed by a user on Tuesday on Twitter.
Those who had not yet upgraded their operating system from the original version of High Sierra, 10.13.0, to the most recent version, 10.13.1, but had downloaded the patch, say the "root" bug reappears when they install the most recent macOS system update.
"The Mac OS High Sierra "root" user bug is insane. just tried it for myself & can not believe it actually worked", tweeted programmer William LeGate.
The solution is a simple one - but one that has not been made sufficient clear by Apple.
It is noted that remotely realize the vulnerability impossible - the attacker must still have direct access to your device. A new report from Wired has revealed that users who were still on macOS High Sierra 10.13 - and installed the rushed security patch for the root exploit - saw the effects of the patch completely undone by upgrading to macOS High Sierra 10.13.1.
The update fixes serious concerns of vulnerability that allowed anyone to log into a Mac without entering the password. To do this in the settings section "Users and groups" click on the button with a lock. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012.
Developers can download the macOS Developer Beta Access Utility from the link below... In the first field you must enter the root, and the second to activate the click, but leave blank, then pressing enter a few times. "This is really REALLY bad".
According to Thomas Reed, an Apple-focused researcher at security firm MalwareBytes (via Wired), even if a Mac user instinctively reinstalled the security patch after they upgraded High Sierra, they could still be left vulnerable. When that happens, "Make sure to update your Macs and MacBooks at your earliest opportunity after it is released", he added.