Recently, Apple is not all that smooth in terms of operating system security.
Not so long ago, a bug was discovered that allows access to “root” on a Mac without a password, and now everyone is talking about new vulnerabilities of processors that threaten many devices.
For the vulnerability of processors, Apple does not respond, but the oversight, which allows to penetrate into another’s Mac as a superuser without a password, is serious. Apple fixed that bug, but another similar one was discovered. It allows users to access the App Store settings in macOS, too, without a password. The problem was found in macOS High Sierra 10.13.2 – the latest public version of the system available. However, in the beta versions of macOS 10.13.3, the bug has already been fixed. Accordingly, Apple is aware of the problem and has even fixed it.
It is worth noting that the bug applies only to those who logged on as administrator, and not through a regular account. By default, the App Store settings are already open in the administrator account so you can argue how serious the problem is. However, Apple should still not allow anyone to enter other people’s settings without a password.
If you want to try using a bug yourself, do the following:
Step 1 : Go to System Settings> App Store.
Step 2 : Click on the lock icon to protect the settings if they are open.
Step 3 : Now click on the lock again to open the window.
Step 4 : Enter your login, and in the password field – anything.