Last week, Apple was left red-faced after it was discovered a bug in macOS High Sierraallowed anyone to gain root access to the system without a password. The company quickly released a security patch to fix the problem, but it also needed updating with an advisory because it could prevent file-sharing on the Mac. Now another problem has been identified, and it allows the root bug to be reactivated.
As Betanews reports, it turns out when Apple released the security patch it assumed Mac owners would apply everything in the correct order. Assuming never ends well and so further clarification was required from Apple as to how to go about applying the patch.
The patch assumed your Mac is already running macOS 10.13.1, but that isn’t the case for everyone. Some users applied the patch while running 10.13.0. Everything seems fine afterwards, but then the 10.13.1 update gets installed and the root bug is reintroduced. User wouldn’t realize this and Apple didn’t state that would happen.
Another oversight from Apple is assuming everyone would reboot their Mac after applying the security patch. If you don’t, apparently the patch isn’t applied properly and your Mac is still vulnerable.
In order to ensure your Mac is fully protected, be sure to upgrade to macOS 10.13.1 first, apply the security patch, and reboot your machine. if you have already gone through the update process and now aren’t sure if it worked or not, there’s an easy way to check. Simply visit the Apple support page for the update and follow the steps there using the Terminal app to confirm you are secure.