I’m sure you may have heard of this by now, but if you have Macs running High Sierra in your environments, please read.
Anyone can sign into a mac running MacOS High Sierra with the username “root” and no password if they click login a few times. I confirmed it on a friend’s mac a few minutes ago.
Official Apple statement as of now is to create a user with the username “root” and a secure password.
I’m sure it will be patched very soon but we have a few clients with macs and they may have some questions of they hear the news in the morning.
First post about the issues on Twitter by a developer:
Best article I found on it here:
Also, a lot of people saying it can’t be exploited remotely but more tweets showing video of that not being true: