A security flaw has been detected in Mac operating systems High Sierra 10.13 or greater. This vulnerability allows anyone to log into a Mac device and change administrative settings by typing in the username “root” with no password. Users should apply the newly published Apple Security Update described at support.apple.com/en-us/HT208315 as soon as possible.
Systems at risk:
- Users with Mac operating system updated High Sierra 10.13 or greater;
- Systems with local console access, such as shared computers in teaching or lab environments, where users are not privileged with root access; and
- Systems with Apple Remote Desktop (ARD) enabled.
Systems not at risk:
- Mac operating systems that are prior to 10.13
Users with High Sierra 10.13 or greater should visit the Apple App Store and install the 2017-001 update as soon as possible.
A temporary fix is to create a root account, then set a password and leave it enabled; instructions can be found online.
More information can be found at the following websites: