Apple are currently working to fix a serious bug which allows an unauthorised user to gain access to a Mac running High Sierra.

 

The bug lets anyone log into an admin account using the username “root” with no password. This works when attempting to access an administrator’s account on an unlocked Mac, and it also provides access at the login screen of a locked Mac.

 

While Apple works on its fix, it suggests setting a root password to prevent unauthorised access to your Mac.

“To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012.
“If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”

 

Update: Apple released a security update to address the vulnerability. The update can be downloaded on all machines running macOS 10.3.1 using the Software Update mechanism in the Mac App Store.