The latest macOS High Sierra allows anybody to log on to the machine using the username "root" with a blank password field. Root access is granted if you continue to click the login button a few times.
The bug was discovered by a Turkish developer, Lemi Orhan Ergin, who tweeted about it to Apple, which clearly was not aware of the bug. The bug allows people with bad intentions to access macOS easily, leaving affected Macs vulnerable.
After the tweet by Ergin, other macOS users tried and confirmed the bug. It is confirmed that the bug allows anybody to access macOS, either as an administrator or when trying to unlock the Mac via a logon screen.
If bad actors access a system administrator's computer via this bug, they can overwrite virtually any part of the computer system, including the files of the system admin's other macOS accounts, and can reset user accounts or delete them. Bad actors can also remove the Apple ID linked to the computer.
The bug is currently present in the newly released macOS High Sierra 10.13.1 and in the macOS High Sierra 10.13.1 that is being tested. The bug can also be used via remote desktop software, VNC, and Apple's own Remote Desktop software.
In a press response to major news outlets, Apple confirmed the bug, assured users that it is working on a patch to fix it, and asked users to set a root password to prevent unauthorized access.
How To Protect Your Mac From This Major Flaw
It is advisable that users of macOS High Sierra take action as they read this:
1. Go to System Preferences, then click Users & Groups (or Accounts).
2. Click the lock icon, then enter an administrator name and password.
3. Click Login Options.
4. Click Join (or Edit).
5. Click Open Directory Utility.
6. Click the lock icon in the Directory Utility window, then enter an administrator name and password.
7. From the menu bar in Directory Utility:
8. Choose Edit > Enable Root User, then enter the password that you want to use for the root user.
Do not disable the root account, as this will not solve the problem.