Recently, they discovered a very serious vulnerability in the Mac OS High Sierra for the version 10.13 and 10.13.1 that allows anyone to login into the computer using the root user account without supplying any password. The vulnerability was first noticed by some Mac users and they posted it on the Twitter. Since the vulnerability gives access to the root user account, it gives all the permissions to make changes to the system. Apple issued a quick fix to disable the root user altogether so that nobody can use the vulnerability and gain access to your Mac with all the possible permissions needed.
If you do not know how to disable the root user account, then you can follow these steps:
- Open the User Accounts settings by selecting Apple Menu and then System Preferences. After this you should select User Accounts.
- You have to enter the administrator username and password after clicking on the padlock icon so that you can make changes to the system.
- Click on Login Options, then Connect and then Open Directory.
- Once again enter the administrator username and password after clicking on the padlock icon. Then from the menubar select Directory Toolbox and choose Edit → Disable Root.
But you do not have to disable the root user account. Apple has released a hotfix for patching this vulnerability. You can learn more of this security update from https://support.apple.com/en-us/HT208315 and install them in your Mac OS. The security update applies only to Mac OS High Sierra 10.13 and 10.13.1 only. Other versions of Mac OS remain unaffected by the vulnerability anyway.
These security updates will be automatically delivered to your Mac. You can check for Mac software updates by opening the App Store app on your Mac and clicking Updates in the App Store toolbar. When you find new updates in the list, you can then use the Update buttons to download and install any updates listed.