When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. “Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS. Apple has provided the following statement: Update: Apple will automatically roll out the update later today for everyone who is affected. This was addressed with improved credential validation,” Apple says. “A logic error existed in the validation of credentials.
For hackers, it’s a great way to access your emails, personal data and more. It even works with a screen sharing session. After that, you can see everything on the computer even if it’s not yours.
Multiple persons at TechCrunch tested the flaw and could replicate it effortlessly. On the login screen or in the preference panel, you could bypass all security screens by entering the root username and no password. The security flaw affected all Macs running the latest version of High Sierra (at least version 10.13.1 - 17B48).
