As we noted earlier, macOS Sierra has a security bug that’s less about a missed security hold during an audit and really more about Apple being irresponsible.
The company has now released Security Update 2017-001 to solve the issue. The numbering scheme seems to suggest its the first security update for the company for 2017.
Full details: About the security content of Security Update 2017-001
Available for: macOS High Sierra 10.13.1
Not impacted: macOS Sierra 10.12.6 and earlier
Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password
Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation.
Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in Dallas, Texas in 2018!