Correction: Brian Krebs points out that the High Sierra root bug is exploitable remotely if the attacked machine has Screen Sharing enabled. Probably a good idea to change the root password on all Macs ASAP.