The good news is that there's an easy and safe way to check and fix this problem. This isn't one of those times.
In a statement given to INQ, Tyler Moffitt, senior threat research analyst at Webroot, described the flaw as "devastating", but noted that things could have been a lot worse. If Guest Accounts are enabled, or if the user has selected to use the old-fashioned username-and-password login screen in place of its icon-based replacement, however, access is possible even from a cold boot.
The flaw only works when the root superuser account has a password that is blank, so by setting a password, you should block off any miscreants trying to gain access to and control of your Mac.
They can now access any file on the drive, even if it's otherwise protected by FileVault. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012M.
This is full access.
"By testing this vulnerability on your own computer, you'll end up creating (or modifying) a persistent root user account on your system".
Choose Apple menu > System Preferences, then click Users & Groups (or Accounts). Open "Directory Utility" and click on "Edit". Following this, they just have to click the lock, enter the word "root" in the username field, select the password field (keep it empty) and tap the "Unlock" button.
Now click Edit > Enable Root User in the menu bar.
The best way to avoid any security issues that might appear because of this flaw is to go to the above options, change the root password, and then disable the account.
Apple has said it is working to fix a serious bug within its Mac operating system.
The solution was then followed by exclamations of surprise that Apple's software permitted such an action. "Send us a DM, and we'll look further into this with you". That issue meant that when a user requested a password hint for certain encrypted volumes, the operating system instead displayed the entire password. In October, the company released a patch for a flaw discovered the previous month that allowed unsigned apps to capture plain-text passwords from the Mac keychain.