Apple’s newest bug allows you to sign in to any macOS High Sierra account with just the username “root”

JonLuca De Caro
Published in HackerNoon.com
1 min read · Nov 28, 2017


The bug, found by Lemi Ergin, was originally posted to Twitter on Tuesday morning. To replicate the bug, simply navigate to any prompt that requires elevated authentication, and replace the username with “root”, while leaving the password blank. Then repeatedly click unlock until it lets you through.

This allows you to sign in to any device running macOS High Sierra as the root superuser, bypassing all security mechanisms that are currently in place.

Entering “root” as the username and leaving the password blank gives you access after a few attempts

A temporary fix is to enable the root superuser with a password, although this is only a stopgap measure. Apple is expected to publish a hotfix soon, with a patch for this major security vulnerability.

Additionally, you could change the root password from the terminal with:

sudo passwd -u root
