macOS High Sierra Bug Allows You to Unlock Mac App Store System Preferences Using Any Password

Jan 11, 2018

Another password-related bug has surfaced in macOS, but this one lives inside the System Preferences for the Mac App Store.

Another Password-Related Bug Surfaces in macOS. It Allows You to Access the Mac App Store System Preferences Using Any Password.

Here’s a cool, yet alarming, party trick you can pull off right now. Head over to System Preferences on your Mac, then click on the App Store. Once here, click on the ‘padlock’ icon to unlock it. When prompted, enter your username and any password at all. Then click on Unlock.

See what happened there? You just unlocked the Mac App Store preferences page using any password of your choice.

A few things to note here. First and foremost, this bug works on macOS 10.3.2 High Sierra, which is the current and latest public release of Apple’s desktop operating system. Furthermore, it only works on an administrator-level account. If you do not have those privileges on the Mac, then it will not work. Last but not least, this bug has been fixed in macOS 10.3.3 High Sierra, which is currently in beta and set for release very, very soon.

Is Apple aware of this problem? Yes, it is. It is even embarrassed by it and has said it will audit its development processes so that such a thing does not happen in the near future. Here’s the full statement:

We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.

This is not the first time Apple has had trouble with ‘passwords.’ A little while back it was revealed that anyone could grant themselves administrator privileges as long as they used ‘root’ as the username and left the password field blank.

Needless to say, such things are happening more frequently on a platform that Apple used to tout as watertight a few years back. Tim Cook and his merry men really need to look into this matter pronto.

Source: Open Radar
