ibusinesslines.com March 20, 2018

MacOS App Store Preferences Open With Any Password

12 January 2018, 06:08 | Justin Tyler

macOS App Store Preferences Open With Any Password

MacOS 10.13 High Sierra Update: Security Bug Allows Settings Changes Without Password

It seems that this issue is limited to the App Store section in System Preferences, meaning that it isn't as widespread as the previous bug.

Attackers could gain access to your Mac thanks to another security flaw discovered in the latest version of its operating system.

An Apple developer has uncovered another embarrassing vulnerability in macOS High Sierra, aka version 10.13, that lets someone bypass part of the operating system's password protections.

Changing these settings can turn off automatic updates for macOS, including security and app updates.

With I Am Root still fresh in the memories of users and the recent hoopla over Meltdown and Spectre not yet died-down, this comes at a particularly unwelcome time. The bug was spotted by MacWorld, which also notes that it's most likely the bug will be fixed in the next update as users running the 10.13.3 beta haven't been able to reproduce it.

The login prompt simply accepts the incorrect password and unlocks, as long as you are still logged in as a local admin. You do need to login as an administrator, which is supposed to unlock preferences, but you're allowed to use any password you like if the preference is locked and you need to get access again.

The bug is nowhere near as risky as the root-access security flaw that was uncovered past year, whereby attackers could gain root access to MacOS computers by typing "root" in the username field and leaving the password field blank. Thankfully Apple was quick in issuing an update that fixed the problem, but now it appears that a new password bug has appeared.

'Our customers deserve better. There's no current workaround to this issue, so the only real option is to wait for Apple to provide a solution. "We are auditing our development processes to help prevent this from happening again", the company said in a statement to UberGizmo.

The attacker would then need to change settings on the computer to establish a "root" account, which they could later access.

Other News

Trending Now

Year-Old Survivor Of Texas Church Shooting Leaves Hospital
The outpouring of support will continue Thursday, as Sutherland Springs residents line the street to cheer on Ward's return home. According to University Hospital, Ryland was the facility's final patient from the Sutherland Springs shooting .

GM debuts self-driving auto with no steering wheel
They feature a large array of sensors on the roof that will be engineered to pass crash tests with the rest of the vehicle. Instead, the auto has several interior screens that passengers can use to communicate with the vehicle.

Homicide suspect is killed after ambushing cops, shooting officer
At about 3:50 p.m., police said that Bennett was the only suspect and that detectives believe he took their 3-month-old baby. She has been identified as 24-year-old Brittany White, the first homicide victim of 2018 in the Queen City.

'Dixie' dropped from name of Dolly Parton's dinner show
Officials said the existing locations re-open for the 2018 season from late January through early spring depending on location. Music legend and celebrity Dolly Parton has altered the name of her popular tourist attraction near her hometown in Tennessee.

Huge blaze erupts at Nottingham train station as crews scrambled
East Midlands Trains said while no-one was injured and everyone was accounted for, all services, including, have been disrupted. An East Midlands Trains spokesman said: "Emergency services have been called to Nottingham station to deal with a fire".

All-Star votes not kind to OKC
The Houston Rockets' James Harden has 978,540 votes and the Oklahoma City Thunder's Russell Westbrook 791,332. At third is Sixers' Ben Simmons (397,942), with Indiana Pacers guard Victor Oladipo close behind (385,448).

Samsung Galaxy S9 Trashes CES Hopefuls!
Most leaks point to the launch of the Samsung Galaxy S9 at the MWC 2018 , however accurate pricing details are not known yet. Both the smartphones will be running on the recently launched Snapdragon 845 processor and Samsung's own Exynos 9810.