Apple root hole. [A fix is released]
The latest version of High Sierra allows anyone to guess the password for root, the most powerful macOS system administration account. Once they’re logged into the root account, they can type root in a login field, and hit [enter] leaving the password field blank. Next, they’ll bypass the account password and seamlessly log in to your Mac computer.
Usually, very few macOS users log in as root, that’s why Apple didn’t set a password for it. However, a password is a must-have for a secure root account, and a randomly-generated password is preferable.
What are the risks?
Once logged in with root privileges, they have complete access to your Mac’s system and all your personal files.
How to fix it
The MacKeeper team has created an automated script that fixes the Apple root hole. All you need to do is to Download the script on your Mac and run it.
You can easily check and fix this security hole by yourself:
1) Open the Terminal window, paste the passwd root command, and hit [enter] three times.
If you see an error like this…
….there’s nothing to worry about – you don’t have a blank root password.
2) Otherwise, if you see no message at all, that means your root password is still blank. Try to run the same command:
But this time hit [enter] once, create your root password, and fill it in both “New Password” and “Retype New Password” fields. After this, you’ll see the following: