Mac OS High Sierra major vulnerability

If you have a Mac with High Sierra on it, you are possibly at risk from a pretty bad bug.

At first it was being reported that this was only with physical access, but people have been able to do it remotely if you have VNC/RDP/Desktop Sharing stuff set up.

Best thing you can do now is set a root password to prevent the blank password default from taking over.

Or, if you are comfortable in the terminal, set a non-blank root password with the following command: sudo passwd root

Change the password and turn off the guest account, yeah. This is a pretty silly ass bug.

Official update is available now

The most hilarious part, a user chetan177 “casually posted this” a couple of weeks ago:

Solution 2:
If you’re unable to log in at startup using username: root and empty password, then log in with your existing account (standard user).
Again, head over to System Preferences>Users & Groups. Click on the Lock Icon. When prompted for username and password, type username: root and leave the password empty. Press enter. This might throw an error, but try again immediately with the same username: root and empty password. This should unlock the Lock Icon. If it does, try Solution 1 next.

P.S. Solution 2 worked for me. No idea how or why. Hope this helps. [emphasis mine]

https://forums.developer.apple.com/thread/79235#277225