Anybody using macOS High Sierra should take note of a rather trivial flaw in version 10.13 which could give anybody with physical access to your machine unfettered access to all of your files.
To exploit the bug, a user needs to key the user name ‘root’ into an authentication dialog box, leave the password field blank, hit enter and then click on Unlock a few times.
In a few moments you’ll have complete access to a machine and you can install malware, fill up the storage or do whatever it is you want to do with root access to a machine.
The security flaw appears to only be present in macOS High Sierra and not previous versions of the OS.
According to The Register, the same exploit can be triggered remotely if your macOS device has remote desktop access. More worrying is the idea that somebody could use code to execute this flaw and use the unchained root user to sow seeds of havoc.
Is this a problem? Well yes, yes it is, but thankfully Apple has said it is working on a fix. Those who are concerned can take precautions right now.
The most obvious precaution is setting up a password for the root user. Apple has published a guide on how to activate the account (which is disabled by default) and change the password.
Just be sure to remember that password.
We would also advise that you don’t leave your MacBook unattended while you get coffee this morning until you have set that password.