One of Apple’s worst exploits has recently been uncovered which allows anyone with physical access to the machine to gain admin rights. The bug only works on their newest operating system, macOS High Sierra. What makes this so bad is that anyone with knowledge of the attack would be able to perform it. All you have to do is bring up the authentication window, type in root for the username and leave the password blank, click on unlock a few times and you’re king of the castle – you can even do this from the user login screen.
Fortunately, all you need to do to prevent this attack is set a password on the root account. Here is a link that should walk you through the steps involved. If that doesn’t work, try the steps below (source):
open a terminal window
type ‘sudo su’ – use your own password to authenticate. You are now root.
Type ‘passwd’ and change follow instructions on screen to change the password
Hopefully, Apple releases a patch for this bug quickly because this can be executed through the command line as well. That means if you have any malicious apps installed they could exploit this vulnerability and cause some serious damage.
Update: Apple states that there is a fix available for download in the App store, and the patch will be automatically pushed to all users with the High Sierra OS by the EOD on Wednesday.