A major security flaw has been found in macOS High Sierra that lets anyone log into a Mac running the latest operating system simply by entering ‘root’ as the user name, without having to enter a password.
Worst of all, logging in with this account gives the user full admin rights, which means they can change system settings, and potentially wreak havoc on the Mac.
Update: Apple has now released a fix for this flaw, so you should install it immediately. To do this, open the Mac App Store and click on ‘Updates’. Select the security update (2017-001), then click ‘Update’. You may also want to follow the steps listed below to make sure you have a root account with a password you have set.
How to change the root password in macOS High Sierra
First of all, open the Apple menu by clicking the Apple icon in the top-left corner of the screen, then click on ‘System Preferences’.
From there, click on either ‘Users & Groups’ or ‘Accounts’. You should see a padlock icon. Click it, then enter in the name and password for your administrator account. Click ‘Login Options’ then ‘Edit’.
Next, click ‘Open Directory Utility’, then click the padlock icon in the window that appears. You’ll need to enter your administrator name and password again, then open the menu bar in Directory Utility and click on ‘Edit’ then ‘Change Root Password…’.
Now, choose a password for the root user account. It’s worth making this an easy-to-remember but hard-to-guess password. The root user account is incredibly powerful, so you don’t want just anyone to be able to log into it.
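A Terminal check to pair with the steps above (an added example, not part of the original article): it reads the root record with `dscl` and reports whether a password hash is stored for root. The function name and the two sample records are constructed here, and the parsing assumes the usual `dscl` output layout.

```shell
#!/bin/sh
# Classify the root account from the output of:
#   dscl . -read /Users/root Password AuthenticationAuthority
# Prints one of: enabled, disabled, unknown.
root_state() {
    record=$1
    # A ShadowHash entry means a local password hash is stored for root,
    # so the account accepts a password login.
    case $record in
        *";ShadowHash;"*) echo enabled; return 0 ;;
    esac
    # Without a hash, a Password attribute of "*" marks an account
    # that has no usable password.
    pw=$(printf '%s\n' "$record" | awk '$1 == "Password:" { print $2; exit }')
    if [ "$pw" = "*" ]; then
        echo disabled
    else
        echo unknown
    fi
}

# Constructed sample records (not captured from a real machine).
SAMPLE_DEFAULT='Password: *
No such key: AuthenticationAuthority'
SAMPLE_ENABLED='Password: ********
AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>'

if command -v dscl >/dev/null 2>&1; then
    # On a Mac: inspect the live record. A missing key is expected, not an error.
    live=$(dscl . -read /Users/root Password AuthenticationAuthority 2>&1 || true)
    echo "root account on this Mac: $(root_state "$live")"
else
    # Elsewhere: show the classification on the constructed samples.
    echo "constructed default record: $(root_state "$SAMPLE_DEFAULT")"
    echo "constructed enabled record: $(root_state "$SAMPLE_ENABLED")"
fi
```

If the result is `enabled` on a Mac where nobody deliberately set up the root account, use ‘Change Root Password…’ as described above to replace whatever password is stored with one you have chosen.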