Apple Releases macOS High Sierra Security Update to Fix Root Password Vulnerability
Apple today released Security Update 2017-001 to fix a serious vulnerability that enables access to the root superuser account with a blank password on any Mac running macOS High Sierra version 10.13.1.
The critical bug, which gained attention after it was tweeted by developer Lemi Ergin yesterday, lets anyone gain administrator privileges by simply entering the username "root" and a blank password in System Preferences > Users & Groups.
The security update is rolling out on the Mac App Store now, and it should be installed by all users running macOS High Sierra as soon as possible. Regardless, starting later today, Apple said the security update will be automatically installed on all Macs running macOS High Sierra 10.13.1.
Apple has since apologized for the vulnerability in a statement issued to MacRumors:
Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.
When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.
We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.
The vulnerability does not affect macOS Sierra or any other previous version of the operating system.
Popular Stories
Last year, Apple launched CarPlay Ultra, the long-awaited next-generation version of its CarPlay software system for vehicles. Nearly nine months later, CarPlay Ultra is still limited to Aston Martin's latest luxury vehicles, but that should change fairly soon.
In May 2025, Apple said many other vehicle brands planned to offer CarPlay Ultra, including Hyundai, Kia, and Genesis.
In his Powe...
The calendar has turned to February, and a new report indicates that Apple's next product launch is "imminent," in the form of new MacBook Pro models.
"All signs point to an imminent launch of next-generation MacBook Pros that retain the current form factor but deliver faster chips," Bloomberg's Mark Gurman said on Sunday. "I'm told the new models — code-named J714 and J716 — are slated...
Apple is planning to launch new MacBook Pro models with M5 Pro and M5 Max chips alongside macOS 26.3, according to Bloomberg's Mark Gurman.
"Apple's faster MacBook Pros are planned for the macOS 26.3 release cycle," wrote Gurman, in his Power On newsletter today.
"I'm told the new models — code-named J714 and J716 — are slated for the macOS 26.3 software cycle, which runs from...
We are still waiting for the iOS 26.3 Release Candidate to come out, so the first iOS 26.4 beta is likely still at least a week or two away. Following beta testing, iOS 26.4 will likely be released to the general public in March or April.
Below, we have recapped known or rumored iOS 26.3 and iOS 26.4 features so far.
iOS 26.3
iPhone to Android Transfer Tool
iOS 26.3 makes it easier...
Apple recently updated its online store with a new ordering process for Macs, including the MacBook Air, MacBook Pro, iMac, Mac mini, Mac Studio, and Mac Pro.
There used to be a handful of standard configurations available for each Mac, but now you must configure a Mac entirely from scratch on a feature-by-feature basis. In other words, ordering a new Mac now works much like ordering an...
