The practical threat of this exploit is fairly low, as it requires that someone have physical access to your Mac. You could also thwart it by setting a root password. The concern, of course, is that this is a disconcertingly simple trick -- it wouldn't take much for someone to access your unattended MacBook in a coffee shop. As good as it is that Apple is fixing the bug quickly, it ideally wouldn't have been there in the first place.

Update: Apple has issued a statement on the patch. It apologized for the flaw, noting that "customers deserve better," and is reviewing its "development processes" to prevent a repeat. Also, you'll soon have this update as a matter of course: Apple will automatically install it on all systems running macOS 10.13.1 sometime later today. You can read the full statement below.