By John Gruber
Sky Guide brings the beauty of the stars down to Earth.
Juli Clover, reporting for MacRumors:
There appears to be a serious bug in macOS High Sierra that enables the root superuser on a Mac with with a blank password and no security check.
The bug, discovered by developer Lemi Ergin, lets anyone log into an admin account using the username “root” with no password. This works when attempting to access an administrator’s account on an unlocked Mac, and it also provides access at the login screen of a locked Mac.
There’s no “appears to be” about this — this is a serious bug. Allowing root access without a password is just inexplicably bad. I rarely describe any bug as inexcusable, but this is inexcusable.
Until Apple issues a fix, there is a workaround: manually enable the root user account and give it a strong unique password.
★ Tuesday, 28 November 2017