Apple today released Security Update 2017-001 to fix a serious vulnerability that enables access to the root superuser with a blank password on any Mac running macOS High Sierra version 10.3.1 and later.
The critical bug, which gained attention after it was tweeted by developer Lemi Ergin yesterday, lets anyone log into an administrator account using the username “root” and any password, including a blank one.
The security update is rolling out on the Mac App Store now for macOS High Sierra users. Apple recommends installing it as soon as possible.
The vulnerability does not affect macOS Sierra or any other earlier version of Apple’s desktop operating system.
Discuss this article in our forums