Home / App / macOS High Sierra flaw unlocks App Store System Preferences with any password, fixed in latest beta

macOS High Sierra flaw unlocks App Store System Preferences with any password, fixed in latest beta

There’s a newly discovered security hole in the current version of macOS High Sierra that allows anyone with access to your Mac to unlock your App Store System Preferences without your system password. The impact of this vulnerability doesn’t appear to be severe, but the security feature clearly isn’t working as intended.

9to5Mac Happy Hour

The security hole was first publicized from a bug report posted on Open Radar and shared by MacRumors. As the report mentions, the security flaw is present in macOS 10.13.2 which is the current public version of macOS High Sierra, but resolved in the latest beta version of macOS 10.13.3.

We tested this on both the public version and developer beta version of macOS High Sierra and confirmed the issue and fix on our machines as well.

The flaw allows anyone with access to your Mac to enter any password in the App Store section of the System Preferences app which clearly shouldn’t happen. The flaw follows a series of notable security bugs that shipped in recent weeks including the notorious root access flaw that allowed anyone to access critical account settings and more.

The good news is that this bug appears to be limited to the App Store preference page as the padlock does not unlock other sections within System Preferences, so user accounts and other settings can’t be changed.

Many of the settings within the App Store System Preferences window are also protected behind your Apple ID password and can’t be changed using this method, but a nefarious user with physical access to your Mac could toggle the options that fall under the automatic update section.

It’s not known when the fix that is included with macOS 10.13.3 beta will ship to all customers, but hopefully the update will reach users soon.


Subscribe to 9to5Mac on YouTube for more Apple news:

Source

Check Also

Meet ‘Streety,’ An App That Lets You Stream Your Neighbors’ Security Cameras

Fintech: How apps like Paypal are reshaping business The importance of home and neighborhood safety can be supplemented by security camera footage shared via a private network. Streety is programmed to safely share and request video from users within a community.  ( Streety | YouTube ) Security cameras are a great crime deterrent for any...

Lead Google Duo engineer teases group calls, web app, and more

Group calls in Duo might finally be a thing. Although it still isn’t quite as …

Privacy App Telegram Plans Mass Crypto ICO

Privacy App Telegram Plans Mass Crypto ICO | Fortune Privacy App Telegram Plans Mass Crypto …

Leave a Reply

Your email address will not be published. Required fields are marked *