Catalin Cimpanu, writing for BleepingComputer: Over the course of the last four days, Apple has released updates to address security issues for several products, such as macOS High Sierra, Safari, watchOS, tvOS, and iOS. The most relevant security update is the one to macOS, as it also permanently fixes the bug that allowed attackers to access macOS root accounts without having to type a password. Apple issued a patch for the bug the next day after it was discovered, but because the patch was delivered as an out-of-band update that did not alter the macOS version number, when users from older macOS versions updated to 10.13.1 (the vulnerable version), the bug was still present. With today’s update, the patch for the bug — now known as “IAmRoot” (CVE-2017-13872) — has received a permanent fix. All users who upgrade to macOS High Sierra 10.13.2 are safe.
Read more of this story at Slashdot.