On a Mac running High Sierra? Update now.
http://www.washingtonpost.com/blogs/the-switch/wp/2017/11/29/on-a-mac-running-high-sierra-update-now/
Apple issued a patch Wednesday to fix a major flaw that allowed people to gain deep access to computers running its latest operating system without the need for login credentials.
Reports of the flaw began circulating Tuesday after security researchers found the vulnerability. The researchers reported that it was possible to gain access to a Mac — and its core settings — without having to use its owner's username and password. Instead, a potential hacker could type “root” into the username field of key settings in System Preferences menu without entering the password.