An Apple spokesperson sent Macworld the following statement:
We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.
How to fix the root security issue
Apple has issued an OS X 10.13.1 Security Update that patches the flaw. In the description, Apple urges users to “Install this update as soon as possible.”
However, while this patch will fix this issue, you’ll want to change the password for
root to protect against future security issues. Here’s how to do that:
1. In the Finder, click on the Go menu and select Go to Folder.
2. Enter the following:
/System/Library/CoreServices/Applications/ and then click Go.
3. Find the Directory Utility app and launch it.
4. Click the lock in the lower left to make changes. In the pop-up window, enter your user name and password, then click Modify Configuration.
5. Click on Edit in the menu bar and select Change Root Password.
6. In the pop-up window, enter a password and verify it. Click OK.
7. In the main window of Directory Utility, click the lock to lock it and prevent further changes.
8. Quit Directory Utility. You are done.
If you try to enter
root without a password at a login prompt, the prompt will shake and reject your login. You’ll need to enter your new password to gain
Sign up for Computerworld eNewsletters.