A new security flaw in macOS High Sierra has been discovered by researchers — one that can grant users access to the system administrator account on a target machine, enabling access to the account without requiring a password.
Root access with the repeated press of the return key… I don’t think I’ve ever seen such a massive hole in an Apple product before. Unbelievable!
The workaround… set a root password. For details on how to do that and securing your highly vulnerable High Sierra (possibly the worst macOS release ever for many reasons BTW) check out the support doc here.
Alternatively watch and follow the video in this tweet from iMore’s Rene Ritchie.
https://twitter.com/reneritchie/status/935627307565355014
Source: Major vulnerability in Apple’s macOS provides System Administrator access with few instructions [u]