Published: Fri, January 12, 2018
Science | By Hubert Green

Apple Has Yet Another Password Bug in macOS High Sierra

Apple Has Yet Another Password Bug in macOS High Sierra

This means that if your account is an admin and you leave the computer unattended, anyone can change the App Store settings on the Mac without your knowledge.

According to the bug report, users can simply open System Preferences, go to App Store settings and check the padlock icon. Anyone with access can enable or disable settings related to automatically installing MacOS software, security and app updates.

A recently-discovered bug in macOS High Sierra allows any local admin access to the App Store preferences without the correct password.

After the high profile discovery of the security hole that allowed users to bypass the login for macOS, its now the System Preferences app that has been found accessible using any password.

Coming soon after a previous "root user" password flaw discovered in December, as well as the Meltdown and Spectre chip flaws, the timing is likely to shake consumer confidence, however. He writes in the summary section, 'The AppStore Preferences in System Preferences can be unlocked by a local admin with any bogus password'.

Past year some of you might recall that Apple's macOS High Sierra had a security flaw/bug which allowed users to gain admin access without the need for a password. Then click on the padlock again to unlock it and a prompt should pop up where you can enter your username and password.

This is not first time in recent weeks that Apple's Mac operating system has been beset by password issues.

Regarding the root flaw, an Apple spokesperson said: "We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused".

High Sierra (10.13.2) appears to be the only vulnerable version of the OS at present; the vulnerability doesn't appear on MacOS 10.12.6 or earlier.

'Our customers deserve better.

Apple has reportedly fixed the new bug in the beta version of macOS 10.13.3, its upcoming High Sierra update expected to release to the general public sometime this month, according to MacRumors.

Like this: