absolutely. the apple tv is 'just a hobby'.

the macbook pros had a *major* update a year ago, adding a touchbar,
touch id, thunderbolt 3 and a wide gamut dci-p3 display.

the imac pro is a completely new model in the lineup with very high end
specs, expected to ship in a month (likely in limited quantities).

the new mac pro a work in progress, with an unknown ship date.

macos continues to evolve, with yearly major updates.

that is clearly not a low priority.

The iPod is probably the lowest priority product at Apple these days.

Never mind. I saw your post in the UK group. (For those who are
wondering, it's Option + Return.)

So far I've triggered the enabling of root user with blank password at
all prompts for admin credentials (after being logged in), e.g. the one
presented by Installer, by Finder for authorising an operation in a
protected location, in Directory Utility for unlocking, etc.

I've also managed to trigger the bug remotely if Screen Sharing or
Remote Management is enabled: a VNC client can attempt to log in as
root/blank, which fails to log in, but it triggers the bug and enables
the root account, then a second attempt with root/blank works.

Ouch.

I was not able to trigger the bug via File Sharing (with default set of
users). That appears to have its own filtering on the account name so
root isn't allowed.

I haven't worked out a way to trigger the bug via Remote Login (SSH)
because I haven't found an SSH client which allows me to enter a blank
password.

Anyone know of one?

Once the bug is triggered and the root user is enabled with a blank
password, you can disable it again using Directory Utility, then test
again.

I've also seen a report (in a discussion thread on Ars Technica) that a
previously enabled root account and password WAS vulnerable to this, but
a newly enabled root account with non-blank password was not. Something
different about the DirectoryServices database entry created by an
earlier OS verison, perhaps?