Apple has told Rene Ritchie of iMore that it’s working on a fix for the root access vulnerability in macOS High Sierra. The bug, discovered by developer Lemi Ergin, lets anyone log into an admin account using the username “root” with no password.
This works when attempting to access an administrator’s account on an unlocked Mac, and it also provides access at the login screen of a locked Mac. Here’s Apple’s statement:
