Security Update 2017-001 fixes the "logic error" that led to the vulnerability.

Yesterday we learned that Apple had made a serious security error in macOS—a bug that, under certain conditions, allowed anyone to log in as a system administrator on a Mac running High Sierra by simply typing in "root" as the username and leaving the password field blank. Apple says that vulnerability has now been fixed with a security update that became available for download this morning on the Mac App Store. Further, the update will automatically be applied to Macs running High Sierra 10.13.1 later today.

Apple's brief notes for this security update (Security Update 2017-001) explain the bug by saying, "A logic error existed in the validation of credentials," and claims the problem has been addressed "with improved credential validation."

Apple shared the following statement with Ars:

"Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.
When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8am, the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.

We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again."

There was a way for users to protect themselves before the update rolled out; we covered that and the specifics of the bug in detail yesterday. Essentially, it involved taking steps to secure the root account with a strong password. With this update ultimately installing automatically on affected systems, no further action should be required from general users.