Apple released a patch for the macOS High Sierra 10.13 operating system vulnerability.
Developer Lemi Orhan Ergin disclosed the security vulnerability on his Twitter account, informing Apple and the macOS community a flaw could allow anyone with physical access to a Mac running the latest macOS High Sierra 10.13 operating system to bypass the lock screen and change any settings without needing the username or password.
This was possible through the Other or the Guest User accounts. Someone could simply unlock your Mac via the Other account, accessible from the login screen, if they typed the “root” username without a password.
When logged in via Guest User, it was also possible to access sensitive information and modify your settings by logging it as root, without a password in the login prompt.
Apple was quick to patch the security flaw and released the Security Update 2017-001, which patches the issue. The company urges all users to install this update as soon as possible as it improves the security of your Mac and disables root access without a password from the Other or Guest User accounts. The update is now live in the Mac App Store.