Yesterday it was reported that a serious security hole had appeared in the macOS High Sierra operating system, which made it possible to abuse administrative rights to the computer from an ordinary guest account. One of the developers came across the error and immediately mentioned it to Apple support. Because of the flaw, a user with a guest account could break into the system and edit the personal and private data of the administrator account. You can read the detailed description of the problem <a href="https://cdn.shopify.com/s/files/1/1932/8043/files/200721_ODSTOUPENI_BEZ_UDANI_DUVODU__EN.pdf?v=1595428404" data-gt-href-en="https://en.notsofunnyany.com/">here</a>. It took Apple less than twenty-four hours to release an update that fixed the problem. It has been available since yesterday afternoon and can be installed by anyone with a device compatible with macOS High Sierra.
This security issue does not apply to older versions of macOS. So if you have macOS Sierra 10.12.6 or older, you don't have to worry about anything. Conversely, users who have the latest beta 11.13.2 installed on their Mac or MacBook must be careful, as the update has not yet arrived there. It can be expected to appear in the next iteration of the beta test.
So if the update is available for your device, we highly recommend installing it as soon as possible. This is a fairly serious security flaw, and to Apple's credit, it took less than a day to resolve. You can read the changelog in English below:
SECURITY UPDATE 2017-001
Released November 29, 2017
Directory Utility
Available for: macOS High Sierra 10.13.1
Not affected: macOS Sierra 10.12.6 and earlier
Impact: An attacker may be able to bypass administrator authentication without supplying the administrator's password
Description: A logical error existed in the validation of credentials. This was addressed with improved credential validation.
CVE-2017-13872
When you install Security Update 2017-001 on your Mac, the build number of macOS will be 17B1002. Learn how to find the macOS version and build number on your Mac.
If you require the root user account on your Mac, you can enable the root user and change the root user's password.
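A fleet check built on the changelog above, as an added example that is not part of the original article or of Apple's notes: it classifies a Mac from its version and build number, using the build 17B1002 and the version ranges stated above. The function names, host names and placeholder builds are constructed, and treating any other 10.13.1 build as missing the update is this example's assumption.

```shell
#!/bin/sh
# Added example: triage against Security Update 2017-001 (CVE-2017-13872).
PATCHED_BUILD="17B1002"   # build number stated in the changelog

# classify_build VERSION BUILD
# prints: not-affected | patched | needs-update | not-covered | unknown
classify_build() {
    cb_version=$1; cb_build=$2
    case "$cb_version" in
        ''|.*|*[!0-9.]*) echo unknown; return 0 ;;   # empty or malformed
    esac
    cb_ifs=$IFS; IFS=.
    set -- $cb_version                               # split "10.13.1" on dots
    IFS=$cb_ifs
    cb_major=${1:-0}; cb_minor=${2:-0}; cb_patch=${3:-0}
    if [ "$cb_major" -lt 10 ] ||
       { [ "$cb_major" -eq 10 ] && [ "$cb_minor" -lt 12 ]; } ||
       { [ "$cb_major" -eq 10 ] && [ "$cb_minor" -eq 12 ] && [ "$cb_patch" -le 6 ]; }
    then
        echo not-affected     # "macOS Sierra 10.12.6 and earlier"
    elif [ "$cb_version" = "10.13.1" ]; then
        # Assumption: a 10.13.1 build other than the stated one lacks the update.
        if [ "$cb_build" = "$PATCHED_BUILD" ]; then echo patched
        else echo needs-update; fi
    else
        echo not-covered      # release not listed in the changelog, e.g. a beta
    fi
}

# Reads "host version build" lines on stdin and prints the hosts to update.
needs_update_hosts() {
    while read -r nu_host nu_version nu_build; do
        if [ "$(classify_build "$nu_version" "$nu_build")" = needs-update ]; then
            echo "$nu_host"
        fi
    done
    return 0
}

# Constructed inventory: host names and builds marked PLACEHOLDER are made up.
SAMPLE_INVENTORY='mac-01 10.13.1 17B1002
mac-02 10.13.1 PLACEHOLDER
mac-03 10.12.6 PLACEHOLDER
mac-04 10.13.2 PLACEHOLDER'

printf '%s\n' "$SAMPLE_INVENTORY" | needs_update_hosts   # prints mac-02
# On the Mac itself:
#   classify_build "$(sw_vers -productVersion)" "$(sw_vers -buildVersion)"
```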
Well, that's the information out there that the bug was known about for about 2 weeks (it was on Apple forums) and nothing happened. So someone got pissed off and just put it on Twitter so they finally start doing something. ... like a normal thing, except that the UI system can obviously bypass user authentication?????... That system must be like a hot needle and leaky like a colander, that's strong. Come on, if someone says that Mac is safer than Windows, then you should immediately call an ambulance in Blazin
Oh, and are you a security expert? Or just chatted on the forum?
Hey, a security expert for what specifically? But I wouldn't directly identify myself to them even in OS security and I need to see the web application), but I would be a little scared if I changed the background on my desktop and unlocked the root account
And this is anyway a mistake on the same basis
There is nothing you can do to pretend that nothing has happened, it's Apple and they don't care