Security Flaw in macOS 10.13 Lets App Store Preferences Access with Any Password
Another major security flaw was discovered in Apple’s macOS High Sierra 10.13 operating system, which lets anyone accessing the App Store preferences panel with any password if it’s locked.
First spotted by MacRumors, there’s a bug report about an issue, discovered a couple of days ago by someone and reported on Open Radar, which lets anyone access the App Store panel in System Preferences with literally any password, if the padlock at the bottom left corner is closed and your Mac is unlocked.
Usually, that padlock isn’t locked, but its label says “Click the lock to prevent further changes” in the current version of macOS, a.k.a. High Sierra 10.13.2. Locking those settings should prevent someone from disabling automatic updates, as well as installing of new macOS versions, system data files, and security update.