Another password-related bug has been discovered in macOS High Sierra, this time in the App Store Preferences in the Settings.app.
Joe Rossignol, reporting for MacRumors, says:
The security vulnerability means that anyone with administrator-level access to your Mac could unlock the App Store preferences and enable or disable settings to automatically install macOS updates, app updates, system data files, and, ironically, even security updates that would fix a bug like this one.
This sounds really embarrassing for Apple, but this is far from being a major bug. First, the App Store preferences are unlocked by default for admin users — and it doesn’t work for/affects the non-admin users. Additionally, if anyone with malicious intent has admin access to your Mac, there’s a lot worse that is possible. That’s not to say that this bug shouldn’t be taken seriously. Apple has already fixed this bug in the beta of its upcoming High Sierra release.
I’d love to join Apple’s QA team. Seriously!