Apple didn’t waste any time getting a patch out for the macOS High Sierra security flaw that gives people root access to your Mac without requiring a password. The flaw too the internet by storm on Tuesday, and by Wednesday morning the patch was ready to download.
The security flaw lets anyone enter “root” as the user name to login or in the Users & Groups authentication dialog without a password. Clicking Unlock multiple times authenticates as root, giving you root-level privileges. That’s a huge security flaw because root is the supreme user on your Mac and can do anything from look at invisible files to delete user accounts.
Apple’s security notes say the problem involved a “logic error existed in the validation of credentials. This was addressed with improved credential validation.”
Security Update 2017-001 fixes the issue. It’s a free download for all macOS High Sierra users; just go to Apple menu > App Store, and click the Updates tab to find it.