There’s a newly discovered security hole in the current version of macOS High Sierra that allows anyone to change the App Store settings in System Preferences by entering anything as your password.
The security hole was first publicized from a bug report posted on Open Radar and shared by MacRumors. According to MacRumors, which was first to notice the bug report, the flaw is present in Apple’s latest 10.13.2 release. The issue cannot be reproduced in the latest 10.13.3 betas, so it seems Apple may already have a fix at the ready.
The flaw allows anyone with access to your Mac to enter any password in the App Store section of the System Preferences app which clearly shouldn’t happen. The flaw follows a series of notable security bugs that shipped in recent weeks including the notorious root access flaw that allowed anyone to access critical account settings and more.
The good news is that this bug appears to be limited to the App Store preference page as the padlock does not unlock other sections within System Preferences, so user accounts and other settings can’t be changed.