New security update fixes macOS root bug
https://arstechnica.com/gadgets/2017/11/new-security-update-fixes-macos-root-bug/
Yesterday we learned that Apple had made a serious security error in macOS—a bug that, under certain conditions, allowed anyone to log in as a system administrator on a Mac running High Sierra by simply typing in "root" as the username and leaving the password field blank. Apple says that vulnerability has now been fixed with a security update that became available for download this morning on the Mac App Store. Further, the update will automatically be applied to Macs running High Sierra 10.13.1 later today.
Apple's brief notes for this security update (Security Update 2017-001) explain the bug by saying, "A logic error existed in the validation of credentials," and claims the problem has been addressed "with improved credential validation."