A bug report on Open Radar shows a security hole in Apple’s MacOS 10.13.2 update. It lets users change App Store settings without a real password in five steps or fewer. The issue appears to be resolved in the upcoming 10.3 update. The bug is not as serious as gaining root access to a machine with no password, but a malicious user could easily turn off automatic updates to leave a machines current bugs unpatched, leaving a machine’s current bugs untouched.”]
Source: https://gizmodo.com/yet-another-password-vulnerability-has-been-found-in-ma-1821967078

