Apple Security Update: How To Update To MacOS High Sierra 10.13.1

Less than 24 hours after a major security vulnerability discovered in the latest version of MacOS was made public, Apple released a security patch for the operating system designed to address the issue.

The patch, identified by Apple as “Security Update 2017-001,” was issued Wednesday and can be applied on all Mac computers running the latest version of the operating system, MacOS High Sierra 10.13.1.

The security update addresses a significant bug that allowed any person to gain administrative access to a Mac without a password. The bug only required a person to enter the username “root” with no password to unlock the device and be granted admin privileges that allow changes to be made to the machine.

An Apple spokesperson told International Business Times the security update was first made available at 8 a.m. Wednesday. “Starting later today, it will be automatically installed on all systems running the latest version of macOS High Sierra,” the spokesperson said.

The spokesperson said Apple “greatly regret[s] this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.”

How To Install Security Update 2017-001

As of this morning, the security update is available for all Mac users on the latest version of MacOS. Most users will be prompted to install the update with a notification that will appear in the upper right-hand corner of the screen.

The notification reads “Security Update Available” and is accompanied with the text, “This update should be installed as soon as possible.” When that notification appears, users should click on the “Update” button. MacOS will install the update and the vulnerability will be patched on the machine.

If that update has not yet appears, users can get the update by opening the Apple menu in the upper left-hand corner of the screen and opening the “About This Mac” menu. A pop up will appear with details about the machine, along with a button that says “Software Update…”

Click the “Software Update” button and the machine will check for available updates for the machine. It should identify that Security Update 2017-001 is available and will prompt the user to install it. Click the “Update” button to begin the process.

There is no reason to wait for the automatic update process to start or the notification prompt to appear to install this update. If you have the time to update your machine right this second, allow Security Update 2017-001 to install. If you don’t have the time, make it. The security vulnerability is serious.

Tim Erlin, the vice president of product management and strategy at security firm Tripwire, told IBT the flaw is “absolutely a ‘drop everything and fix it’ moment.” He noted the vulnerability requires “no skill to exploit and provides complete access to affected systems.”

Attackers are well aware of the vulnerability now and while in most cases the attack requires local, physical access to a device in order to exploit it, it is possible in some instances for the vulnerability to be exploited remotely. In short, it is not a vulnerability that you want on your machine for any longer than it needs to be. Take the time install the patch to fix it as soon as possible.