In identical statements to The Loop's Jim Dalrymple and iMore's Rene Ritchie, Apple says it is crafting a patch for a major macOS High Sierra security hole that grants root level access to a logged-in Mac.
"We are working on a software update to address this issue," Apple said. "In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a black password is not set, please follow the instructions from the 'Change the root password' section."
Discovered earlier today, the flaw allows anyone to log in under a Mac's "root" System Administrator without the need for a password. In practice, the exploit merely requires access to System Preferences, and can be performed in a matter of seconds. Nefarious users can also exploit the bug to bypass a Mac's lock screen.