ibusinesslines.com
ibusinesslines.com September 26, 2018


MacOS App Store Preferences Open With Any Password

12 January 2018, 06:08 | Justin Tyler

MacOS App Store Preferences Open With Any Password

MacOS App Store Preferences Open With Any Password

It seems that this issue is limited to the App Store section in System Preferences, meaning that it isn't as widespread as the previous bug.

Attackers could gain access to your Mac thanks to another security flaw discovered in the latest version of its operating system.

An Apple developer has uncovered another embarrassing vulnerability in macOS High Sierra, aka version 10.13, that lets someone bypass part of the operating system's password protections.

Changing these settings can turn off automatic updates for macOS, including security and app updates.

With I Am Root still fresh in the memories of users and the recent hoopla over Meltdown and Spectre not yet died-down, this comes at a particularly unwelcome time. The bug was spotted by MacWorld, which also notes that it's most likely the bug will be fixed in the next update as users running the 10.13.3 beta haven't been able to reproduce it.


The login prompt simply accepts the incorrect password and unlocks, as long as you are still logged in as a local admin. You do need to login as an administrator, which is supposed to unlock preferences, but you're allowed to use any password you like if the preference is locked and you need to get access again.

The bug is nowhere near as risky as the root-access security flaw that was uncovered past year, whereby attackers could gain root access to MacOS computers by typing "root" in the username field and leaving the password field blank. Thankfully Apple was quick in issuing an update that fixed the problem, but now it appears that a new password bug has appeared.

'Our customers deserve better. There's no current workaround to this issue, so the only real option is to wait for Apple to provide a solution. "We are auditing our development processes to help prevent this from happening again", the company said in a statement to UberGizmo.

The attacker would then need to change settings on the computer to establish a "root" account, which they could later access.



Other News

Trending Now

MI made great again with $1 BILLION Chrysler Investment
Some of that money was earmarked for Warren, where FCA said it plans to start making the Jeep Wagoneer and Grand Wagoneer by 2020. The company said roughly 60,000 hourly and salaried American workers will receive an additional $2,000, according to Reuters.

Iran arrests dozens for 'terrorist' acts linked to protests
Iran has accused the U.S., Israel and other foreign powers of inciting violence to try and overthrow the Islamic Republic. On Monday, a separate judiciary official announced that a detainee had committed suicide in Tehran's Evin prison.

Antonio Conte: 'Anything is possible with my Chelsea future'
Antonio Conte has insisted his feud with Jose Mourinho is personal and that nobody should intervene. But I've got to say that Manchester City have been spending £200-250 million every year.

Taylor Swift's New 'End Game' Video Has Arrived
I have to admit, the video looks pretty with all the bright lights and late night parties. The " End Game " music video does not feature Katy Perry .

Instagram is letting some users share their Stories on WhatsApp Status
According to a Brazilian blog , Instagram is testing a way through which its users can directly post their Stories on WhatsApp . The reason behind this move is simple: "make it easier to share any moment with the people who matter to you".

Alabama, 5 Auburn alumni remain in Super Bowl chase
The Jaguars beat the Steelers 30-9 back in September, marking as Pittsburg's worst loss of the season. As a result, the Eagles are the sixth choice when it comes to winning the Super Bowl.

All-Star votes not kind to OKC
The Houston Rockets' James Harden has 978,540 votes and the Oklahoma City Thunder's Russell Westbrook 791,332. At third is Sixers' Ben Simmons (397,942), with Indiana Pacers guard Victor Oladipo close behind (385,448).