Hacker News
by pain2022 1198 days ago
The problem is that one can change the Apple ID password knowing only the PIN code. The old password is not asked for. This gives a thief full control of the Apple ID.

Settings -> Apple ID (top panel with name) -> Password & Security -> Change password

2 comments

Wow, I just tried it and it’s very easy. Seems like a huge miss of privilege escalation allowing someone with the PIN and phone to escalate to full password. This should require the old password or more steps.
Someone on a different thread suggested using Screen Time (with a different passcode) and disabling iCloud settings. Works like a charm.