Ergin said staff members reported the vulnerability to Apple on November 23, and he disclosed the flaw publicly in a tweet on Tuesday. However, the bug is not fixed in that case until the user reboots the computer. A bug in Apple's operating system was recently made public after a Twitter user exposed a vulnerability that allowed basically anyone to access Macs using only the username "root" without entering so much as a password. Essentially, if you were behind and hadn't updated to macOS 10.13.1 yet, you need to be sure to reinstall the security patch that Apple released earlier this week for the root hole. "I can't think of anything worse that has been shipped by a major operating system in the past decade". He wrote "On Nov 23, the staff members informed Apple about it (bug issue)". This led multimedia developer Greg Edwards to tweet, "Are you running Mac OS High Sierra, and if so, when will you be away from your desk for 10-15 minutes today?"
Once this latest software blunder was brought to Apple's attention, it published a new support document to walk users through some [relatively] simple steps to fix file sharing. That would permit unfettered access to the file system for a Mac, exposing private documents on that particular computer. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. To do this in the settings section "Users and groups" click on the button with a lock.
You'd think that would be the end of Apple's software troubles for this week, but you'd be wrong. The latest version of MacOS will automatically download the update.
Several experts have lambasted Apple for allowing the vulnerability in the first place.
According to Thomas Reed, an Apple-focused researcher at security firm MalwareBytes (via Wired), even if a Mac user instinctively reinstalled the security patch after they upgraded High Sierra, they could still be left vulnerable. "It seemed like the issue had been revealed, but Apple had not noticed yet".