Last week it was discovered that there was a rather glaring security flaw in macOS that allowed users to log into a Mac computer just by typing “root” in the user name field and leaving the password blank. To Apple’s credit they released a fix for the bug less than a day after it was reported, but it seems that isn’t the end of the story.
According to a report from WIRED, it seems that the patch to fix the bug might come with a bug of its own. The report reads, “Those who had not yet upgraded their operating system from the original version of High Sierra, 10.13.0, to the most recent version, 10.13.1, but had downloaded the patch, say the ‘root’ bug reappears when they install the most recent macOS system update.”
Volker Chartier, a software engineer at German energy firm Innogy who alerted WIRED to the issue says, “It’s really serious, because everyone said ‘hey, Apple made a very fast update to this problem, hooray,’. But as soon as you update [to 10.13.1], it comes back again and no one knows it.” Basically it seems that despite Apple initially saying no reboot is necessary, you will have to reboot your Mac once you’ve applied the patch in order to get it to work.
However Apple has updated its support page to note that users should reboot their Mac to ensure the patch is applied properly. If you’re someone who leaves their Mac on standby and rarely shuts it down, then this could pose a problem because despite applying the patch, the bug is still present until the computer is rebooted.