Serious bug in administrative authorisation for software update in Ventura?

Well 99% of Mac users have one account, the first account and never create a secondary account.

But now you know there are potential gotcha's to worry about when you setup a multiple user Mac or attempt to move accounts around or remove accounts.

It is deliberate. The system part of macOS is read-only and a bootable APFS snapshot is created then signed and sealed. Apple updates are also signed by Apple and trusted. Apple Silicon hardware is strict about that chain of trust so it's impossible to boot from an external drive if the internal SSD is blank or damaged. You must use a working Mac with Apple Configurator 2 that obtains macOS online and delivers it to a Mac in DFU mode. This is to preserve that chain of trust. Apple Silicon Macs add the Erase all Settings and Content feature from iOS / iPadOS so you can factory reset an Apple Silicon Mac. No need to wipe and install via external flash drive which will no longer work and Internet Recovery is not available on Apple Silicon M1 / M2 Macs.

3rd party software cannot install without admin rights but Apple updates coming through the chain of trust will install without admin rights going forward.

Apple has adopted the newer mobile software update (MSU) process for macOS 12.6.1 Monterey and in macOS Ventura, from its origins on iOS. That allows for major and minor updates to be smaller, depending on the origin OS and the target OS.

• Delta updates do not require admin rights to install
• Delta updates are substantially smaller 
• Delta updates install substantially faster

Because Apple can verify the chain of trust from the hardware to the OS they can install delta reduced size updates without administrative rights.

Best practice is not to mess around with the initial admin account created when installing macOS. It has special properties and is more trusted than all subsequent accounts. It would be better to create additional accounts but leave the first account alone. Flip-flopping your initial account admin rights with a newly created user account is quite risky.

tutlek wrote:

the standard advice at the time was to have a separate administrative account and not to use that account for daily work with the Mac. So I have been practicing this since that time.

There is nothing wrong with that. I think you just had a funky way of doing it. I agree that there could be some risk to that due to group ownership of files and directories. If you want to use a standard account, it is better to just continue as before and setup an initial admin account. But only use that admin account to create a new standard account. Then use that standard account for all day-to-day use. In most cases, it won't be a problem. If you are prompted for administrator credentials, then you will have to supply both the administrator user account and password.

For most end-users, I would recommend the default. When you create a new account, it gets created as an administrator account. Then you just use that account. No worries. If you want to make a separate, backup account with administrator privileges to use in case something goes wrong with your primary account, go for it. No harm there.

Sometimes there are bugs in 3rd party and Apple software when using a standard account. If you are prepared to deal with them, then you shouldn't have a standard account. The only people who really need to use a standard account are macOS developers and enterprise setups with their funky enterprise things. For example, I normally use a standard account so I know when my own app behaves differently with more restricted permissions. But I'm a developer, don't do what I do. For any non-developer activities, I always stick with defaults unless I have a very good reason not to.