A macOS user has found a serious security issue in High Sierra that lets anyone log in to your MacBook or iMac without a password and gain full root access. The bug was discovered by Lemi Ergin, who was able to log in to his system using root as the username and no password.
This security flaw puts all your information at risk, including your private data, photos, and any other content stored on your Mac. Given the wide adoption of High Sierra, a huge number of Macs are expected to be affected. It is not just your data that is at risk: anyone can now access disk encryption settings, all files, and system settings, all without a password.
You can access it via System Preferences>Users & Groups>Click the lock to make changes. Then use "root" with no password. And try it for several times. Result is unbelievable! pic.twitter.com/m11qrEvECs
— Lemi Orhan Ergin (@lemiorhan) November 28, 2017
How to prevent login without a password on your Mac?
To prevent logins without a password on your Mac, assign your own password to the "root" account. This is the safest way until Apple rolls out an update to fix the issue.
Apple has confirmed that it is working on a patch to prevent unauthorized access to your Mac. It also advises changing the root password to anything other than blank.
Here's Apple's statement on the matter:
We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.