Following the discovery of a major vulnerability within macOS which provides system administrator access to general Mac users on a target machine, enabling access to the account without requiring a password, Apple has released an emergency update to fix the critical root bug.
The vulnerability was found yesterday by Software engineer Lemi Orhan Ergin who shared his findings on Twitter.
Apple issued the following statement…
When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.