Really nasty 'root' security bug in OS X High Sierra

On Tuesday, a macOS 10.13.1 security issue was revealed. Anyone could gain root access to your system simply by abusing the Unlock button with root entered as the username and the password field left empty.

How to reproduce:

To check whether your OS X machine is affected, go to:
Preferences -> Users & Groups, click the Unlock button, then enter root as the username and leave the password field empty. Click the Unlock button multiple times; if you're affected, you will gain root access.

How to fix:

Apple has released an official fix for the issue via a security update. You can install the update by launching the App Store app and clicking Updates. Press Command-R to reload the Updates page to see new updates. The update will appear as “Security Update,” and you can click the Update button to install it. Your Mac does not need to restart.

Another fix:

Simply set a password for the root account by opening the Terminal and entering the following command:
sudo passwd -u root
Then enter the new password.