A MASSIVE security vulnerability has been discovered in High Sierra.
https://twitter.com/lemiorhan/status/935578694541770752
Quote:
Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?
You can access it via System Preferences>Users & Groups>Click the lock to make changes. Then use "root" with no password. And try it for several times. Result is unbelievable!
|
Sounds like the workaround is to set a root password. Probably a good idea for anyone on High Sierra to do this until a patch is released.