Just yesterday it was discovered that there is a major security flaw within macOS High Sierra, but Apple has already released a fix.
It was reported recently that a flaw within macOS High Sierra 10.13.1 (and 10.13.2) allowed for anyone with physical access to a Mac to quickly gain root access to the device without needing a password, just by inputting the word “root” in the username field when accessing the Users & Groups section within System Preferences. Unlocking the machine that way, however, also meant the root exploit could be used on the login screen as well, basically granting access without a password — even if one was required on the Mac owner’s own account.
Now, Apple has released Security Update 2017-001, which is meant for macOS High Sierra 10.13.1 and later, to address this major security flaw.
The new software update, which is specifically designed to patch this security flaw, is available right now via the Mac App Store. You can open the app on your Mac, download and install it, and then the problem should be fixed. It is highly recommended that you install the newest security software as soon as possible.