Jan 10, 2018

macOS High Sierra Flaw Allows You Unlock App Store Preferences With Any Password, But With An Admin Account

A new security hole was being discovered in the current version of macOS High Sierra that allowed the App Store menu in System Preferences to be unlocked with any password. It's worth to note here that it can't be accessed with a non-administrator account. And Apple already patched the bug in the latest macOS 10.13.3 beta.

In order to reproduce the issue on macOS High Sierra version 10.13.2, which is the latest public release of the operating system, you are required to use an administrator account. System Preferences, click on App Store, click on the padlock icon to lock it if necessary. click on the padlock icon again, enter your username and any password, and click Unlock.

This means that anyone with administrator-level access to your Mac could unlock the App Store preferences, and enable or disable settings to automatically install macOS updates, app updates. The good news is that this bug appears to be only limited to the App Store preference page, suggesting user accounts and other settings can’t be changed.

Apple will likely want to fix this latest security vulnerability as quickly as possible, so it's possible we'll see a similar supplemental update released, or perhaps it will fast track the release of macOS High Sierra version 10.13.3. As for macOS 10.12 or earlier version, we were unable to reproduce the issue on macOS Sierra version 10.12.6, suggesting the issue affects macOS High Sierra only.

Via MacRumors And 9to5Mac, Image Credit Wccftech

Post a Comment

Favourite Category

Click to see more!

Whatsapp Button works on Mobile Device only

window.matchMedia('(prefers-color-scheme:light)').addListener((e) => { e.matches // Determine wether query matched or unmatched }) const favicon = document.createElement('link') link.setAttribute('rel', 'favicon icon') head.appendChild(link) // Listen media change window.matchMedia('(prefers-color-scheme:light)') .addListener((e) => { if (! e.matches) { return } // Apply new favicon source const source = document.querySelector('link[rel*="icon",media="(prefers-color-scheme:light)"]') if (source === null) { return } link.setAttribute('type', source.type) link.setAttribute('href', source.href) })