There's a 'root' security bug on MacOS High Sierra that gives anyone full access to the system
Another day, another embarrassing bug from Apple. This time, it’s a serious security flaw in MacOS High Sierra, one that lets anyone gain 'root' access to the machine. First revealed by software developer Lemi Orhan Ergin, anyone can pull this off without sophisticated tools; you just need to know how to click a button.
On Tuesday, security researchers disclosed a bug that allows anyone a blindingly easy method of breaking that operating system’s security protections. Anyone who hits a prompt in High Sierra asking for a username and password before logging into a machine with multiple users, they can simply type “root” as a username, leave the password field blank, click “unlock” twice, and immediately gain full access.
Apple is already aware of the issue and is working on a fix. Until then, High Sierra users should enable root user and set a password by following Apple’s instructions here. Reminder: don’t disable root user after setting the password, or else the bug will return. You should also turn off screen sharing since that’s another place that uses the login prompt.
(For the uninitiated, a root account gives super-user access to the system, so that its user (usually administrators) can gain access to more areas of the system. On MacOS, this is supposedly disabled by default. So yeah, this bug is very bad.)