Published: Fri, January 12, 2018
Sci-tech | By Carrie Guzman

Apple Has Yet Another Password Bug in macOS High Sierra

Apple Has Yet Another Password Bug in macOS High Sierra

We tested this on both the public version and developer beta version of macOS High Sierra and confirmed the issue and fix on our machines as well. Second, the ability to unlock these preferences with any password is only available to local admins, and standard user accounts aren't affected.

Experts say it is limited to the App Store and presents a relatively limited security risk. A user would just need to log in as a local admin, click System Preferences, select App Store, click the padlock icon to lock it (if it's unlocked), click the padlock again to unlock it, enter any phony password, click Unlock, and voila. A bug report on Open Radar submitted earlier this week detailed a security flaw found in the current version on macOS High Sierra - version 10.13.2 - that allows any user to unlock the App Store menu in System Preferences using any random password in less than five steps, MacRumors first reported. This allows you to change settings such as what updates to install, whether to install security updates, and more. Enter any username and password you want and press Unlock and the App Store system preferences will become unlocked. Macrumors states that it can not reproduce the error on the beta versions of macOS 10.13.3, suggesting it'll be fixed in an upcoming release.

Previous year some of you might recall that Apple's macOS High Sierra had a security flaw/bug which allowed users to gain admin access without the need for a password.

French police hunt two men after Ritz jewellery heist
Three men, all aged around 30, were arrested moments after the alarms sounded after security guards trapped them in the building. Police say some of the jewels stolen from the Ritz Hotel in Paris have been found but that two thieves are still on the run.

This is not first time in recent weeks that Apple's Mac operating system has been beset by password issues.

The bug, we gather, is fixed in the latest macOS 10.13 beta releases, and will be addressed in the next official release, too.

In November, Apple had to patch a vulnerability that allowed access to the root superuser account with a blank password. Our customers deserve better. Attackers could use that particular vulnerability to install malicious programmes, delete Apple IDs and anything else that they wanted to do. "We are auditing our development processes to help prevent this from happening again".

Like this: