A critical vulnerability has been discovered in macOS High Sierra allowing any user to get root access on a mac system without any passwords.
In order to perform this, you just need to type “root” into the username field, leave the password blank, and hit the Enter a few times ( two or more) and gain access immediately.
To carry out the exploit,
-> Open System Preferences-> Users & Groups -> Enter “root” in the username field-> Select Password field and hit enter multiple times.
What’s more, there’s no patch yet for this!
Make-shift fix to protect:
-> Enable the root user with a password.
Follow the below steps:
System Preferences -> Users & Groups -> Enter your admin name and password there
Go to Login Options -> Join -> Open Directory Utility”
Make changes and type your username and password -> Edit-> Enable Root User-> Set password
Additionally, disable Guest accounts on your Mac
System Preferences → Users & Groups-> Guest User-> Disable Allow guests to log in to this computer