Apple has made a nasty mistake with its latest updates for macOS: While the security update of November 29 fixed a vulnerability that allowed unauthorized persons to gain root access even without a password, the update released on December 1 nullifies the changes.

macOS

Dumber could not have done that. First, Apple was facing criticism for a not only annoying but really serious vulnerability in MacOS, through which virtually anyone on a Mac could log in as root. Although only a short time after the announcement of this security nightmare Apple brought out an update – but the company makes its quick work just as quickly destroyed.

As reported, among other things, in AppleInsider, the patch for the root user bug distributed on November 29th will be annulled by the upcoming update to macOS High Sierra 10.13.1 when a user upgrades from an old version to 10.13.1. This basically means that the blatant vulnerability is still active when you first run the December 1 update.

Also Read: macOS Has An Embarrassing Bug

Renewed criticism is now loud that Apple has knitted its solution for the root user bug with hot needles and the code is basically flawed.With the re-software upgrade, a previous security update should not be overridden as easily as it seems. It also states that a reboot (which does not happen automatically this time, so should not be required) solves the problem with the patch. As AppleInsider writes, reinstalling the November 29 security patch will only help with a subsequent reboot to actually close the root hole, otherwise, the patch will remain inactive.

Source

Leave a Reply