This was posted on Neowin.

The news came via a Swedish hacker, who found the so called “rootpipe” vulnerability in older versions of Apple’s OS. He then discovered that with some small modifications the same exploit could be used on Yosemite.
Rootpipe allows a malicious attacker to gain root privileges from an admin account and run sudo commands, bypassing the usual security employed by the OS. Kvarnhammar, the hacker who discovered the flaw, did not want to disclose further info on the flaw, while we wait for Apple to patch it – a timeframe tentatively set for January 2015.
Until then the usual safety recommendations apply, such as not using admin accounts for day to day operations, and turning on hard-drive encryption if you handle sensitive data.