Update from Apple, 16:40:
Apple have released a security update which patches the vulnerability that allowed an attacker to bypass administrator authentication without supplying the administrator's password. It is essential that you install this update as soon as possible.
We have been notified of a bug in the High Sierra operating system on Mac devices that allows access to the root account of the machine without a password.
If you have a Mac OS device enrolled in Computing Services Mobile support (Jamf) then you should already be protected.
Apple have issued this advice:
"We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. Please follow the instructions to enable Root User and to set a password. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section."
When an update is available, ensure that you apply this as soon as possible.
If you need advice on this issue or device security, please contact the Service Desk.