Recently, Apple has not been doing so well in terms of operating system security.
Not so long ago, a bug was discovered that allows access to 'root' on Mac without a password, and now everyone is talking about new processor vulnerabilities that threaten many devices.
He is not responsible for processor vulnerabilities Apple, but an oversight that allows you to get into someone else's Mac as a superuser without a password is serious. Apple fixed that bug, but another similar bug was found. It allows users to access settings App Store on macOS without a password too. The problem was found in macOS High Sierra 10.13.2 – the latest publicly available version of the system. However, in beta versions of macOS 10.13.3 the bug has already been fixed. Accordingly, Apple is aware of the problem and has even fixed it.
It should be noted that the bug only affects those who are logged in as an administrator, and not through a regular account. By default, the settings App Store are already open in the administrator account, so you can argue how serious the problem is. However Apple should still not allow anyone to enter someone else's settings without a password.
If you would like to try the bug yourself, do the following:
Step 1: Go to System Preferences> App Store.
Step 2: Click on the lock icon to protect the settings if they are open.
Step 3: Now click on the lock again to open the window.
Step 4: Enter your username, and in the password field – whatever.
Step 5: You should be able to open the settings.