As we had reported earlier, there is a major security flaw in macOS High Sierra that gives full admin access to the Mac without a password.
“root” user is supposed to be disabled by default, but due to the bug “root” is enabled and currently allows access to anyone without a password.
Apple has acknowledged the bug and has said that it is working on a fix. However, until then, we would strongly recommend enabling root password with a password to prevent someone getting full admin access to your Mac.
Note, this bug affects macOS High Sierra, it does not affect macOS Sierra. So if you’re on macOS High Sierra then follow these steps to temporarily fix the macOS High Sierra security bug.
Step 1: Launch System Preferences
Step 2: Navigate to Users & Groups
Step 3: Click on the Lock icon to make changes. Enter the password when prompted and click Unlock.
Step 4: Click Login Options.
Step 5: Click Join next to Network Account Server at the bottom.
Step 6: Click Open Directory Utility.
Step 7: Click the lock icon to make changes. Enter the password when prompted, and click Modify Configurations.
Step 8: Click Edit from the Menu bar and click Enable Root User.
Step 9: Here set a root password so that the root user cannot be accessed using a blank password because of the bug.
As always, let us know how it goes in the comments below. Given the seriousness of the bug, we expect Apple to provide a bug fix soon.