If you are referring to this:
Current Superuser/SuperSU releases have security holes that allow any application to execute commands as root without the user's permission (even apps with no permissions). Please upgrade immediately to SuperSU >= v1.69 or another patched release.
The device is on one of the latest SuperSUs 1.80 and then updated to 1.85, and never on SuperSU =< v1.69
Regarding the System User Request, Is below what you are referring to?
Originally Posted by cernekee
On a rooted Android <= 4.2.x device, /system/xbin/su is a setuid root binary which performs a number of privilege checks in order to determine whether the operation requested by the caller should be allowed. If any of these checks fail, the denial is recorded by broadcasting an intent to the Superuser app through the Android Activity Manager binary, /system/bin/am. /system/bin/am is invoked as root, and user-supplied arguments to the "su" command can be included on the "am" command line.
On a rooted Android >= 4.3 device, due to changes in Android's security model, /system/xbin/su functions as an unprivileged client which connects to a "su daemon" started early in the boot process. The client passes the request over a UNIX socket, and the daemon reads the caller's credentials using SO_PEERCRED. As described above, /system/bin/am is called (now from the daemon) to communicate with the app that implements the user interface
If I understand this properly, it's saying SuperSU accesses some functions as the System User 1000 on Android devices previous to OS version 4.3
On Android 4.3 and newer, SuperSU access those same functions without using System User 1000.
This would explain why this permission request does not appear on my Android 4.3 device, but it does on my Android 4.1.2 device.
Is this the correct understanding?
Please Thanks if it helped!