IT News reports that macOS High Sierra grants root user access to every function of a Mac computer without a password. Logging in as the root user with a blank password gives access to all aspects of the Mac, allowing hackers to turn off security settings, create administrator users, install malware, etc.
You can log in as the root user on High Sierra with no password (a blank password) from the main login screen or from the System Preferences settings. IT News reports that this flaw can also be exploited remotely and that disabling the root account does not work.
Solution - set the root user password
The cure is to set the root user password, but this is easier said than done.
Setting the root password is a little complicated. Apple's instructions are:
macOS High Sierra has a serious flaw: the root user account has a blank password.
This gives hackers access to all aspects of a Mac computer running High Sierra.
The flaw can be exploited remotely.
The cure is to set a secure root user password following Apple's instructions.
More details are available from IT News, Lemi Orhan Ergin, Patrick Wardle and Mashable.