In short, anyone can gain root access if they have access to your machine.
Quick fix - add a password for root. Apple are working on a fix.
3 Likes
It’s fascinating how the bug comes about. In essence in the user control panel area if you add a user and type in ‘root’ and try to add it then the system sees that the ‘root’ user does not exist, but is disabled, so it ‘helpfully’ enables it, this still causes the prompt to return a failure the first time, try it again then it finds the account exists and the password (or none) matches so it uses it. This is a major mis-design. ^.^;
1 Like
crazy! there is an update out now… so do update asap(no restart needed).
2 Likes
I haven’t upgraded to High Sierra yet. But these are the types of things that always make me want to wait several months before doing it.
2 Likes
I’m not usually too worried about security when it comes to OS X… it’s usually the dev environment that breaks 
