An official fix is now available via Apple directly as of today, Nov 29 less than 24 hours after the vulnerability was discovered. You can also fix this via the steps below.
After a security flaw was detected by a software developer who publicly announced the error Tuesday, Apple has now responded with a security update available through the mac App store (blue icon) in less than 24 hours. If you do not see the expected update for your Mac, install any updates listed and then return back to the Updates tab to see. You can also search for the app to update - in this case, that would be High Sierra. Here’s Apple’s guidelines.
This security update is important to install because a vulnerability in the ‘root’ user account can give a hacker access to other areas of your computer, including your private files, as Apple explains.
Users with macOS Sierra 10.12.6 were not affected by this security vulnerability. The new update fixes a logic error that existed in the validation of credentials. This error has now been addressed with improved credential validation.
There are two steps you can take to close this security hole on your own. They include limiting guest access and changing the root password.
To access this page, you may have to first click on the lock on the lower left and authenticate your account before you can make any changes in this area.
