A new password bug has been discovered in the latest version of Apple’s Mac OS. It allows anyone with access to your Mac to unlock App Store menu in System Preferences with any password or no password at all. The vulnerability affects Mac users running 10.13.2 and requires the attacker to be logged in with an administrator-level account for this vulnerability to work. Once done, you’ll gain full access to App Store settings, allowing you to modify settings like disabling automatic installation of macOS updates, app updates, system data files and security updates that would patch vulnerabilities.
Source: https://thehackernews.com/2018/01/macOS-high-sierra-password.html