The issue, discovered in the MacOS High Sierra operating system for laptops and desktops that was released in September, allows people to enter the word “root” when prompted for a username, and provide no password when logging on to the device. The glitch allows anyone to access the file system for a Mac, exposing private documents on that particular computer. One user reported the ability to also access the computer using the root login remotely.
Until Apple releases a new version of the software or patches the flaw, users can fix the issue by assigning their own password to the root account.
This can be done by navigating to System Preferences, selecting Users and Groups, clicking Login Options on the left side of the menu, clicking the Join button next to Network Account Server, clicking Open Directory Utility, then clicking Edit in the Mac’s menu bar to assign a password. Apple also has instructions available on its website.
