Apple says the High Sierra security update fixes an issue where an application could gain elevated privileges through a memory corruption issue. It also fixes a problem where a flaw in URL handling in text messages could lead to UI spoofing.
The security update is free for macOS High Sierra 10.13.4 users through Updates tab in the App Store app. You can find it by going to Apple menu > App Store, then click the Updates tab. It’s also available as a stand-alone installer on Apple’s website.