This security flaw present in macOS 10.13.1 was discovered  by developer Lemi Orhan Ergan on Twitter. Apple is yet to release a patch for it, but has released a work around on their support page. Basically you can change the root password or disable the root user all together. Apple advises that you disable the root user since that’s reserved for system administrative tasks.

Enable or disable the root user

Change the root password

Image: howtogeek.com

How to fix the macOS High Sierra root security flaw right now - 44How to fix the macOS High Sierra root security flaw right now - 83How to fix the macOS High Sierra root security flaw right now - 53How to fix the macOS High Sierra root security flaw right now - 71How to fix the macOS High Sierra root security flaw right now - 78How to fix the macOS High Sierra root security flaw right now - 13How to fix the macOS High Sierra root security flaw right now - 69How to fix the macOS High Sierra root security flaw right now - 74