On Tuesday, Apple confirmed that macOS High Sierra contains a bug that lets anyone gain administrator control without entering the password. Many macOS High Sierra users recently raised the issue on social media. The bug weakens login security and lets a user bypass it. Apple also said that it is working on a fix to stop unauthorized access to High Sierra devices.
With the help of the bug, a user can get unauthorized access to any macOS High Sierra device by logging in with “root” as the username and clicking the login button a few times; the user is then able to access the device without needing the password. Apple officially confirmed this dangerous security vulnerability in High Sierra devices after a Turkish developer, Lemi Orhan Ergin, first pointed it out. However, it is difficult to say whether Apple already knew about the bug before the Turkish developer's disclosure. Apple assured users that it is aggressively working on an update to eliminate the bug, and has also provided step-by-step instruction pages for avoiding unauthorized access.
“We are working on a software update to address this issue,” Apple said. “In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”
Users with High Sierra on their Mac can restrict unauthorized access by creating a root password until Apple provides an update that fixes the bug. To create the root password, go to System Preferences → Users & Groups → lock icon, and enter your administrator name and password. Next, click Login Options → Join (or Edit) → Open Directory Utility → icon, and re-enter the administrator name and password. Finally, go to the menu bar in Directory Utility, select Edit, and then click Enable Root User. Until Apple permanently removes the bug from High Sierra, this is the only way to block unauthorized access. The bug is not found in any other macOS version.
Apple didn't give any timeframe for the update, but given the bug's impact on macOS High Sierra, it will be out soon. According to reports, the bug also lets users access a Mac remotely without a password through the third-party software VNC and Apple's own Remote Desktop software.