Apple are having to rush a patch out for users of the MacOS High Sierra. There is a bug that allows someone with physical access to gain root access without a password, and it can be exploited if someone is given Remote Access to the device. You can download the patch from the Mac app store and they are releasing the patch to auto update affected devices so you can make the choice about how soon you want it fixed.
To read an article about it see the following:
I’ve come up blank on what to say about the password issue.
Completely empty on it as well 
Rare slip up for our Apple friends . Still shows they are human like the rest of us .
They rooted it! 
Tamas my friend that is an understatement . 
The fix applied automagically to my Mac late yesterday
This is why we need to learn how to drive our computers properly… there are always holes and bugs in software… most just haven’t been found yet (the rest were built in).
