A critical flaw has been discovered in macOS High Sierra that lets any user log in as ‘root’ by leaving the password field blank and trying multiple times in a row.
Here’s why it’s so serious: the “root” account has super-user access to your system. Anybody who has physical access to your Mac, or who can reach it via screen sharing, VNC, or remote desktop, and who enters “root” and hits login repeatedly, can gain complete access to the machine.
This bug affects all machines running macOS High Sierra. Macs running Sierra or earlier versions of the OS are not affected.
Due to the seriousness of this bug, our engineering team have been working on an escalated fix that we can deploy to affected machines today while we wait for Apple to release a software update to address the issue.
For all of our clients on Managed IT Services agreements with Advanced Monitoring and Maintenance, we will be deploying a script shortly to remediate this issue. This will be deployed remotely and no user interaction is required.
For all other clients on Managed Support Agreements, we will be reaching out to you today to organise the deployment of this fix.
If you have any questions or concerns about the impact of this bug, please email firstname.lastname@example.org
The Mac Centre IT Service Team