Well, this qualifies as a pretty huge mess.
Following the discovery of a security hole in macOS High Sierra in which a user can simply enter their user name as “root”, not provide a password and be allowed full access to the computer, Apple has offered the following statement:
“We are working on a software update to address this issue,” Apple said. “In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a black password is not set, please follow the instructions from the ‘Change the root password’ section.”
The flaw was discovered on Tuesday and could be used to bypass a Mac’s lock screen.
Beyond those who have direct access to a vulnerable Mac, the security hole also works remotely in certain scenarios where screen sharing, remote access or VNC sessions are enabled. Users should disable those features until Apple’s update arrives.
Apple has yet to state when a fix should be available by,
Stay tuned for additional details as they become available.
Via AppleInsider, iMore and The Loop