If you've got a Mac that's running the latest version of macOS High Sierra, you're going to want to keep it in your line of sight. A recently uncovered bug appears to allow anyone to login as an administrator merely by entering the username "root" and no password.
Discovered by software engineer Lemi Orhan Ergin, the bug allows anyone who has access to your computer to gain full, administrative access in just seconds. It also allows for anyone to login to a machine even immediately after reboot.
In the time since the tweet, a whole host of people have come forward to replicate the bug in all its hideous glory:
The bug is quite similar to as it might function if enabled by default and with a blank password. You can check your version of macOS by clicking on the Apple logo in the upper left-hand corner of your screen and clicking "About this Mac." We've reached out to Apple for comment and will update it we hear back. But given the cartoonish extremity of this bug, chances are a fix will be available soon. In the meantime you can turn on Apple's "root user" feature and give it an actual password by following .
Update: Apple has released an update and responded with the following statement:
Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.
When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.
We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.