Security researcher Lemi Orhan Ergin (@lemiorhan) disclosed a major vulnerability in the latest macOS High Sierra system that allows root system management control to be granted without an administrator password. It can be said to be the largest system vulnerability in the history of the Mac. Apple received an emergency notice and issued a macOS High Sierra update patch.
No matter how complex the password you set, anyone can easily bypass system security verification and get straight into the computer.
To do so, open System Preferences, click “Users and Groups”, click the lock in the lower left corner, and enter “root” as the user name. No password needs to be entered; clicking the unlock button several times unlocks the pane directly.
Users of High Sierra versions such as macOS 10.13.0, macOS 10.13.1, and macOS 10.13.2 beta are all subject to this serious security hole when not patched.
Apple today released the 2017-001 macOS High Sierra update to fix this vulnerability; users can update directly through the App Store.
Available for: macOS High Sierra 10.13.1
Not impacted: macOS Sierra 10.12.6 and earlier
Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password
Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation.
Security is very important for every Apple product, and I am very sorry that a very serious mistake was made in this macOS update. When security engineers found out about the problem yesterday afternoon, they immediately set about rolling out updates and fixing bugs.
Yesterday the security update was successfully released, and patches will now be installed automatically through the system update of macOS High Sierra 10.13.1. We regret that this error was caused. We sincerely apologize to all Mac users for the loophole and for the concerns raised by all users. We are beginning to re-examine the system development process to prevent this from happening again.