macOS High Sierra 10.13.2 Beta 6 Fixes Root Password Vulnerability
The newest beta of macOS High Sierra 10.13.2 fixes a major macOS High Sierra vulnerability that enabled the root superuser on a Mac with no password and no security check.
Apple on Wednesday released a security update to fix the problem on machines running the current release version of macOS High Sierra, 10.13.1, but the bug has remained in macOS 10.13.2 until today.
Developers and public beta testers who are running macOS 10.13.2 should update to beta 6 right away to protect their Macs. MacRumors has confirmed that the vulnerability, which involved entering the username "root" with no password in the Users & Groups section of System Preferences, is no longer functional.
Entering "root" without a password in lieu of an administrator's username and password no longer unlocks a Mac.
When releasing the fix for macOS High Sierra 10.13.1, Apple apologized for the oversight and said it would audit its development processes to prevent something similar from happening in the future.
"We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused," read a statement from Apple provided to MacRumors.