A fix for macOS High Sierra’s security issue is now available. Apple has issued the following statement on the matter:
Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.
When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.
We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.
Looks like Apple‘s macOS High Sierra operating system has just had a rather massive vulnerability exposed in the system; allowing anyone to gain system administrator access without even needing to enter a password.
The vulnerability was publically revealed on Twitter earlier, but it’s unknown whether or not Apple was alerted to it beforehand.
The issue remains present as of macOS 10.13.1, the current release of High Sierra. Basically, the issue allows user to enter a System Administrator account when the vulnerability is exploited, and even lets said user to change passwords and view files for pre-existing users on the machine itself. They can even tamper with Apple ID email addresses and do a handful of malicious actions that could otherwise not be possible without access.
For now, the best you can do to protect your Mac is to set a root password, you can view the necessary steps here.
Apple has confirmed that they’re working on a software update to fix the issue, and have published a step-by-step guide to fix the issue but have yet to produce a timeframe for said update, so we can just cross our fingers that it comes soon.