UPDATE: Apple has released an update to fix the issue. If you are on High Sierra, go to the App Store and select Updates at the top of the application. There you will find the option to install the update on your machine.
Original Story
A blogger discovered a very serious vulnerability in macOS. Any user (even without administrator privileges) can use the username root with no password to run any commands on the Mac.
This gives any user (even one who should not be using the Mac) access to everything on the machine, and the ability to change settings, add or delete files, or install software without permission.
In our testing we were even able to take control of a Mac without knowing the username or password to the machine.
If you have not yet installed High Sierra, we highly recommend holding off until Apple releases a fix.
If you are running High Sierra, a simple fix to address this situation while we wait for Apple to release an update is to enable root (learn how here: https://support.apple.com/en-us/HT204012). If you are a partner client, we are already taking these steps.
Apple has made a statement saying: "We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the "Change the root password" section."