Mac OS users have found a serious software flaw on the High Sierra that lets anyone log in to the Mac without needing a password and can gain full admin access. The bug was first discovered by developer Lemi Ergin which allows anyone log into an admin account using the username “root” with no password.
This security flaw puts the private data and information at risk. The MacOS High Sierra operating system for laptops and desktops that was released in September. This is a serious flaw considering that you no longer need a password when logging on to the device to gain full access to files, system settings, drive encryption and more.
[HTML1]
The issue is being made public yesterday on Twitter for which Apple was soon to respond and said that it would be rolling out an update in the coming days to patch the software flaw. Until Apple fixes the issue, users of Mac OS can fix the issue by assigning your own password to the root account. The bug is present in the current version of macOS High Sierra v10.13.1, and the macOS 10.13.2 beta that is in testing at the moment.
An Apple spokesperson commenting on the same has said:
We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.