Essentially, the bug allows someone to either login to your Mac or unlock System Preferences by using the user name "root" and a blank password. Ergin did not report this vulnerability to Apple first, but rather just tweeted it out after discovering it, which means everybody is at risk once word spreads.
The level of unbridled access this security hole permits - and it abruptly being made public - will nearly certainly prompt Apple to move fast in releasing an update for its Mac operating system.
For now, you can test your Mac by going to System Preferences, choosing Users & Groups then click the lock to make changes.
Today, it was discovered that there's a major security vulnerability in the latest version of macOS, High Sierra.
From the account, you'll able to see everything on the Mac.
After clicking unlock several times, it should eventually open up, no passwords necessary. Those running previous versions of MacOS including Sierra and Yosemite do not appear to be affected by the bug.
We can confirm the bug is present in macOS 10.13.1 and for anyone with a Mac in a public office space, you are urged to fix this by yourself, immediately. We've reached out to Apple for comment and will update it we hear back. We are now updating our machines and will report back. (The company maintains an invite-only bug bounty program.) Despite its incredibly alarming simplicity, The Verge is not reproducing the steps to bypass High Sierra's login screen here.
Enter "root" again with no password.