It seems like there is a fatal flaw in the current macOS High Sierra 10.13.1, even straight from the login menu when you start up the computer. This severe vulnerability lets hackers — or anyone with malicious intentions — do anything they want as root users as long as they have physical access to the computer.
Apple issued a patch within 18 hours of the vulnerability being discovered, but for users who had not yet upgraded their operating system from the original version of High Sierra (10.13.0) to 10.13.1 before applying the patch and some have reported the bug arising after updating. Because this patch seems to have some issues rolling out and you should test to make sure this vulnerability doesn’t affect your macOS device.
Step 1 Logging into Root from Boot
A hacker can start up the machine, literally.On the login window, they’d click on the “Other” option, not an actual user or guest user. For the username, they’d simply input root and also for the password and it would be left empty. All they have to do is click inside the password box and then hit enter. They may need to hit enter continuously until they successfully logged in and on the desktop.
Step 2 Looting the System
After getting in, the hacker can quickly install any type of software he or she wants on the victim’s Mac, as long as no one is looking. They can reset passwords and view hidden files.
Protecting Yourself from This Hack
On your admin account, open a terminal window, then type the line below, continued by pressing enter. The -u argument will surely unlock the non-existing password allowing you to change the root password.
