Earlier today we reported about the macOS High Sierra vulnerability that gave anyone access to user’s personal data by bypassing admin authentication. Apple has now fixed the vulnerability in an update that has been released through the Mac App Store and is available for download. The Security Update 2017-001 is recommended for all users who are running macOS High Sierra on their computers.
In the change log details for the security patch Apple notes that this was a logic error that existed in the validation of credentials.
Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password
Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation.
To update your Mac simply launch the Mac App Store, click on Updates section and download the update.