According to an article published by PC Magazine, “Last week, Apple was left red-faced after it was discovered a bug in macOS High Sierra allowed anyone to gain root access to the system without a password. The company quickly released a security patch to fix the problem, but it also needed updating with an advisory because it could prevent file-sharing on the Mac. Now another problem has been identified, and it allows the root bug to be reactivated.”
When Apple released the security patch to solve the problem, they did not account for the lack of user participation in running the patch. Users who did engage in running the patch were not currently running macOS 10.13.1. It was reported that some users were running 10.13.0. Everything appeared fine afterwards, however, the 10.13.1 update gets installed and the root bug is reintroduced. Both Apple and the users did not realize this until after the update. Another assumption was that the users would reboot after running the patch, and the majority did not. Thus, causing the patch to be applied incorrectly, leaving your Mac vulnerable.
To avoid this issue, please be sure to upgrade to macOS 10.13.1 prior to running the security patch, followed by a proper reboot of your machine. If you have already gone through the update process and now are not sure if it worked, there is an easy way to check. Simply visit the Apple support page for the update and follow the steps using the Terminal app to confirm.
For the original content, please visit: macos-high-sierra-root-bug-can-reactivate