Apple’s macOS High Sierra has a fatal security flaw allowing anyone to bypass system security by logging in as “Root” with no password and clicking “unlock” numerous times. Here’s what we know so far:
A user reported the issue earlier today, but the initial report didn’t specify which version of macOS High Sierra or which machines were affected, only what the problem was.
You can access it via System Preferences>Users & Groups>Click the lock to make changes. Then use "root" with no password. And try it for several times. Result is unbelievable! pic.twitter.com/m11qrEvECs
— Lemi Orhan Ergin (@lemiorhan) November 28, 2017
Effectively, this issue leaves any system running macOS High Sierra completely unsecured: it doesn’t just unlock the device, it gives Admin access.
We immediately tried to replicate the problem, but weren’t able to on systems running 10.13 (17A365).
It appears the flaw is isolated to High Sierra 10.13.1 (17B48). Even so, anyone running any version of High Sierra should take the utmost precaution with their systems until Apple sorts this entire mess out.
Let's take a closer look at what's happening together. Send us a DM that includes your Mac model along with your macOS version. We'll meet up with you there. https://t.co/GDrqU22YpT
— Apple Support (@AppleSupport) November 28, 2017
We’ll update this post as more information is revealed.