macOS High Sierra users are vulnerable to a serious security flaw that grants just about anyone root access to their computers without a password. Anyone can log in to your computer simply by entering the username “root” with a blank password, which gives them complete and total control of your Mac.
This security flaw, present in macOS 10.13.1, was discovered by developer Lemi Orhan Ergin on Twitter. Apple has yet to release a patch for it, but has published a workaround on its support page.
Basically, you can change the root password or disable the root user altogether. Apple advises that you disable the root user, since it is reserved for system administrative tasks.
Enable or disable the root user
- Choose Apple menu > System Preferences, then click Users & Groups (or Accounts).
- Click the lock icon, then enter an administrator name and password.
- Click Login Options.
- Click Join (or Edit).
- Click Open Directory Utility.
- Click the lock icon in the Directory Utility window, then enter an administrator name and password.
- From the menu bar in Directory Utility:
  - Choose Edit > Enable Root User, then enter the password that you want to use for the root user.
  - Or choose Edit > Disable Root User.
Change the root password
- Choose Apple menu > System Preferences, then click Users & Groups (or Accounts).
- Click the lock icon, then enter an administrator name and password.
- Click Login Options.
- Click Join (or Edit).
- Click Open Directory Utility.
- Click the lock icon in the Directory Utility window, then enter an administrator name and password.
- From the menu bar in Directory Utility, choose Edit > Change Root Password…
- Enter a root password when prompted.