The MacOs High Sierra root account bug is indeed serious, and it is indeed due to a really amazingly dumb failure in Apple’s QC checks. Bear in mind that the threat model entails physical access to the machine, and that there is a workaround in enabling a root account and giving it a decent password. For many users, there may not be much to worry about, and Apple will certainly issue a fix soon. Still, this is a really dumb bug.
Jarrod Whaley
@jbwhaley