Again, Apple? macOS High Sierra allows you to change App Store options with any password

Part of the recent Apple controversy has resided in security bugs that are, to say the least, ridiculous like that of unlocking administrative actions using login root without any password. However, even correcting this problem and the commitment to give more quality control of its software and updates, Apple remains in a situation where it must trim certain edges.

It is not surprising, for example, that the Open Radar currently have an authentication bug record in the App Store settings panel, within System Preferences (System Preferences) of macOS High Sierra. Thanks to him, these settings can be unlocked to change an administrator user with any password entered in the (now almost fatal) security popup.

Mac App Store preferences in macOS High Sierra

Of course, it is worth remembering that, by default, the first login created on a Mac has administrative privileges and these settings are not blocked for most users thanks to that. Furthermore, the bug only manifests itself by accessing the Mac App Store settings panel as an administrator, locking it in the lock, and trying to unlock it in sequence.

It is not a serious problem like the previous one (these options are not considered sensitive, incidentally) and it is already fixed in the last beta version of macOS 10.13.3. But this is really the kind of thing that shouldn’t go through a typical quality control

via MacRumors