A new password bug has been discovered in the latest version of macOS High Sierra that allows anyone with access to your Mac to unlock App Store menu in System Preferences with any random password or no password at all. The vulnerability impacts macOS version 10.13.2 and requires the attacker to be logged in with an administrator-level account for this vulnerability to work.
If you're running latest macOS High Sierra, check yourself:
- Log in as a local administrator
- Go to System Preferences and then App Store
- Click on the padlock icon (double-click on the lock if it is already unlocked)
- Enter any random password (or leave it blank) in login window
- Click Unlock, done!
Once done, you'll gain full access to App Store settings, allowing you to modify settings like disabling automatic installation of macOS updates, app updates, system data files and even security updates that would patch vulnerabilities.