MacOS High Sierra, "the most advanced operating system for computers", has a critical vulnerability through which anyone can gain administrator, root access without having the account password. Moreover, administrator access, root, can be obtained not only without entering the password of the administrator's account, but also without going through the security question verification procedure.
Any unlocked Mac is vulnerable to any person who wishes us harm, but due to the macOS High Sierra bug it can also be unlocked by a person of bad faith. Logging into the system from the lock screen, or accessing administrator rights, is done using the root username, without using a password, but leaving the password field empty.
macOS: Anyone can have Administrator Access WITHOUT a password
After obtaining administrator rights in Mac, you can see absolutely everything that exists in that computer and you can control the files as you like, without being able to be stopped. The bad part is that anyone with access to a Mac with macOS High Sierra 10.13.1, or 10.13.2 can use the vulnerability, the good part is that it does not work remotely.
"We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the 'Change the root password' section."
Apple knows about the major security problem that macOS has and of course it promised to solve it as soon as possible, but until then there is a solution to secure your Macs. More precisely, you must create a new root username with the set password, the System Preferences section being the one where you can create new usernames.
So, what do you think about the security offered by Apple?
