A software patch which Apple released to close a major security issue in its latest High Sierra operating system for Macs seems to contain a bug of its own.
The original flaw meant anybody who gets their hands on a Mac with High Sierra installed could access all files without the need for a password. It allowed anyone to get high-level access to the device by merely using ‘root’ as username and entering nothing in the password field.
The issue was confirmed on Mac devices running either version 10.13 or 10.13.1 of the High Sierra operating system.
A red-faced Apple released a ‘fix’ less than 24 hours after the issue became public knowledge, but Wired magazine has now discovered that the moment users upgrade to a new version of High Sierra it comes back.
According to the publication the order in which users install patches and updates for their Mac computers could result in the original bug not being fixed at all.
The issue, the testers say, would remain on any Mac device that was running High Sierra 10.13 where the user had installed the security patch released by Apple – provided that they subsequently upgraded to the newer High Sierra 10.13.1 without rebooting the device.
A security expert at Malwarebytes reportedly said to Wired magazine: “You could easily have someone who doesn’t reboot their computer for months. That’s not a good thing.”
Commenting in the same magazine, Andy Greenberg stated that it was unclear how many Mac users could face a security threat because of this.
At the time of going to press, Apple has not commented or responded to enquiries about the recurring bug issue.
On the support page where it provides instructions on how to install the security fix, it is, however, stressed that the patch should be “applied properly”.