Apple has released a statement regarding the security vulnerability on macOS High Sierra, which prompted the company to release an emergency software update. The software update, which was released about 24 hours after it was disclosed online by a developer, plugs the security hole on macOS High Sierra’s latest version (10.13.1).
The update will automatically be installed on all systems on High Sierra, ensuring users are no longer exposed to the vulnerability. After releasing the update, the company also released the following statement:
Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.
When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.
We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.
The speed of the update’s release is an indication of the severity of how Apple saw the issue. It allowed users to access a locked Mac device by simply keying “root” as the user, and leaving the password field blank. The attacker would then have full access to the device using such method, allowing them to access all the files stored inside, and even make administrative changes to the Mac.