Update #2: An official fix is now available; no restart required.
Update: An Apple spokesperson has issued the following statement, saying an update is in the works:
“We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”
A newly discovered macOS High Sierra flaw is potentially leaving your personal data at risk. Developer Lemi Orhan Ergin publicly contacted Apple Support to ask about the vulnerability he discovered. In the vulnerability he found, someone with physical access to a macOS machine can access and change personal files on the system without needing any admin credentials.
Users who haven’t disabled guest user account access or changed their root passwords (likely most) are currently open to this vulnerability. We’ve included instructions on how to protect yourself in the meantime until an official fix from Apple is released.
expand full story