A security flaw, and a major one at that, has been detected with the macOS High Sierra operating system that can let anyone bypass the login screen to get unlimited access to the device. This way, anyone with physical access to a mac device can reach out to any files or other systems in the device without even requiring the password.
In fact, so simple the entire process is – one just has to use ‘root’ as the user name – that it raises question how something as basic as this could have been missed out by the software testers within Apple. The company has however acknowledged it has become aware of the issue and assured a fix is already in the works. The issues remains as of MacOS build 10.13.1.
In the meantime, Apple has suggested setting up a root password (steps given in the end) for Mac users to safeguard their devices till the time a remedy to it becomes available. There is no word though as to how soon the fix can be expected to reach the public.
The reason the vulnerability is being considered critical is that anyone with malicious intent can not only enjoy access to all files and folders in the device, the flaw can also let the intruder enjoy full administrator status as well, thereby enabling him or her full ability to change or reset login credentials of exiting users on that device. In fact, so huge the flaw is that the Mac will simply have no security unless Apple issues a fix to it. That also is the reason one hopes it becomes available soon enough.
As for the temporary solution mooted by Apple, that of setting up the root password, here is how that can be done.
Go to System Preferences > Users & Groups > Login Options > Join > Open Directory Utility > Edit. In the pull down menu, click on Enable the Root User – if that hasn’t been already, that is – following by clicking on Change Root Password.