Mac users running the latest version of Apple's operating system, High Sierra, are susceptible to a pretty huge flaw that could grant anyone with physical access to your Mac unfettered access to everything on your machine. The hack seems to be affecting only macOS High Sierra 10.13 and 10.13.1 versions. Luckily, Apple has now issued a fix.
Image credit: Apple
The password hack takes advantage of a flaw in the way macOS handles user accounts. Changing the name of a user's login to "root" and using a blank password can grant ne'er-do-wells access to everything in your computer, let them install malicious software, or lock you out of your account completely.
You can check if your computer is affected by the flaw by trying to hack yourself. First, visit your System Preferences, then the Users & Groups page. There, you can modify user accounts, add administrator or guest accounts, add parental controls, and select which apps start up along with your Mac. Hit the lock located at the bottom left corner of the window to make changes to these preferences.
Here's where the flaw comes into play. When you're asked to enter your password, delete the username and replace it with "root", leaving the password blank. Then, hit "Unlock". You may have to click it a few times, but eventually you'll be granted access.
Apple has just released a security fix addressing the root account access flaw this morning. Security Update 2017-001 alters the way Apple validates items like usernames and passwords, and prevents malicious parties from changing your password without the proper login credentials. You can find the update in the App Store on your Mac. We suggest you do so posthaste.