....[T]he flaw allows anyone to log in under a Mac's "root" System
Administrator without the need for a password. In practice, the exploit
merely requires access to System Preferences, and can be performed in a
matter of seconds. Nefarious users can also exploit the bug to bypass a
Mac's lock screen.
"We are working on a software update to address this issue," Apple said.
"In the meantime, setting a root password prevents unauthorized access
to your Mac. To enable the Root User and set a password, please follow
the instructions here: https://support.apple.com/en-us/HT204012. If a
Root User is already enabled, to ensure a black password is not set,
please follow the instructions from the 'Change the root password' section."