Many Mac news sites and blogs are reporting about a way that someone can gain access to your Mac without your password. However, the danger is usually overstated as someone needs physical access to your Mac to use the exploit. In this video I'll show you the problem and also a simple way to prevent it. However, Apple will probably have a fix for this in the next few days or even hours.
Update: Apple security update 2017-001 fixes this. Released today. Go to the App Store, Updates to get the patch. https://support.apple.com/en-us/HT201222