UPDATE: Now patched!
A major security bug has been discovered by an Apple customer that can give anyone root access without having to enter the password. This vulnerability can potentially expose user’s files and sensitive data. All the hacker has to do is put “root” as the username without entering any password to gain access.
While Apple has confirmed that a patch is in the works, a simple way to thwart the potential hack is to change the root password. If you’re unsure, Apple has a handy support page explaining how to change it.
Apple has, for most of the part, been pro-security for its devices but it’s surprising to see such a thing in the latest MacOS High Sierra giving unauthorised access to the computer.
You can access it via System Preferences>Users & Groups>Click the lock to make changes. Then use "root" with no password. And try it for several times. Result is unbelievable! pic.twitter.com/m11qrEvECs
— Lemi Orhan Ergin (@lemiorhan) November 28, 2017