I am not sure how this slipped out the door, but this bug is serious and Mac users need to pay attention. Assuming you’re running the most up to date version of macOS High Sierra, someone with ill will only has to do the following:
- Open System Preferences
- Choose Users & Groups
- Click the lock to make changes
- Type “root” in the username field
- Move the mouse to the Password field and click there, but leave it blank
- Click unlock
- Pwnage
This is a serious screw up by Apple as it gives someone with ill will total control of the Mac. And it’s serious enough that heads should roll for letting this slip out the door. I am going to guess that Mac users will get a fix for this in the next day or two…. And if Apple doesn’t deliver on that front, then they’ve really jumped the shark. But in the meantime to avoid being a victim of pwnage, don’t let your Mac out of your sight and enable a root account with a password to prevent the bug from working.
UPDATE: This is fixed. See here for details.