Apple has released Security Update 2017-001 to fix a vulnerability that enables access to the root superuser with a blank password on any Mac running macOS High Sierra version 10.3.1.
Yesterday afternoon Lemi Orhan Ergin set off a firestorm on Twitter when he revealed a glaring security issue in MacOS High Sierra—anyone can login as “root” with no password required. It turns out that the issue in question works with any authentication dialog in High Sierra.