Many Mac news sites and blogs are reporting about a way that someone can gain access to your Mac without your password. However, the danger is usually overstated as someone needs physical access to your Mac to use the exploit. In this video I'll show you the problem and also a simple way to prevent it. However, Apple will probably have a fix for this in the next few days or even hours.
Check out The Root Password Hack Explained at YouTube for closed captioning and more options.
Update: Apple security update 2017-001 fixes this. Released today. Go to the App Store, Updates to get the patch. https://support.apple.com/en-us/HT201222
Thanks for the clarity of explanation!
You're so good at explaining this stuff, you should do it of a living. :)
Sorry for the auto-correct misspell in my comment above...
I meant to say:
You're so good at this stuff, you should do it for a living. :)
Apple did release a fix for the "root password hack" but apparently that fix caused another problem, as reported here and many other sources: https://www.engadget.com/2017/11/30/apples-high-sierra-security-patch-affected-mac-file-sharing/ . This morning I saw, on software update, that there was another patch from Apple to download and install.
Thanks for the explanation! Question: is it necessary to “disable root user” after we’ve followed your steps? Or does it matter? Thanks!
Robbie: None of it matters now, since Apple has patched the problem. With the patch in place, I would disable root user if you don't need it.