Update to High Sierra now live, official comment from Apple

An update to High Sierra has now gone live. It addresses the root password issue we first mentioned in this post.

“Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS”, said an Apple spokesperson in a statement to The Loop.

“When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.

We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.”

The download is now available via the Mac App Store.



  • And I thought I was so smart with this fix:

    Fire up Terminal

    sudo passwd

    Followed by entering your user password and the new root password twice

    Heck, it still works when you need to change the root password. Just keep root disabled except when you need it for major Mac surgery.

  • Janak Parekh

    Thanks for posting the statement, Dave!

    I’m very happy to see Apple is taking this very seriously. Their public statement is pretty unprecedented for them. I hope they’re able to revamp their practices.

  • Given how this seems to have come to Apple’s attention, I hope Apple doesn’t pay out on their bug bounty program.

    Apple’s fast turnaround on this is clearly requisite, but it’s also impressive.

    • GS

      Do they pay on MacOS, or just iOS?

  • Caleb Hightower

    Thanks for all the updates

  • Kip Beatty

    It’s still inexcusable that Apple ever let this slip through, but kudos to them for such a fast response.

  • Mo

    Whew.

  • John Kordyback

    The Windows 95 login bypass was more fun.

    https://youtu.be/DOeYqmVNaZE