Apple has released Security Update 2017-001 to fix a vulnerability that enables access to the root superuser with a blank password on any Mac running macOS High Sierra version 10.3.1.
Yesterday afternoon Lemi Orhan Ergin set off a firestorm on Twitter when he revealed a security issue in macOS High Sierra. Anyone can — or, rather could — login as “root” with no password required. It turns out that the issue in question works with any authentication dialog in High Sierra.
