Apple Issues Statement and Fix for High Sierra Root User Authentication Bug

Apple’s statement, via Romain Dillet of TechCrunch:

Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.

When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8:00 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.

We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.

A fast bug fix, an apology, and a commitment to fixing whatever led to a bug like this shipping. That’s the good news.

Unfortunately, some users on the MacRumors forums are reporting that the security patch also breaks file sharing. It would be foolish to recommend users wait to apply this patch — and impossible, because it gets installed automatically — but you should be aware of this bug if that’s something you depend on.