Apple releases Security Update 2017-001 to fix macOS High Sierra vulnerability

Apple has released Security Update 2017-001 to fix a vulnerability that enables access to the root superuser with a blank password on any Mac running macOS High Sierra version 10.3.1. 


Yesterday afternoon Lemi Orhan Ergin set off a firestorm on Twitter when he revealed a security issue in macOS High Sierra. Anyone can -- or, rather could -- login as “root” with no password required. It turns out that the issue in question works with any authentication dialog in High Sierra.