New macOS High Sierra Password Flaw Discovered

Share

No doubt they would have hoped it wouldn't get discovered as well and save them the embarrassment of having to deal with another security hole with the macOS within just months.

Cementing January as the worst month of the year, at least for Apple, another bug has been uncovered in MacOS High Sierra.

An Apple developer has uncovered another embarrassing vulnerability in macOS High Sierra, aka version 10.13, that lets someone bypass part of the operating system's password protections. The whole process can be completed within five steps. This time, it is the App Store System Preferences that has been found to be accessible to anyone using any password.

'We greatly regret this error and we apologize to all Mac users, ' Apple said in a statement at the time. However, the report notes that the particular login attempt also accepts incorrect login credentials, provided that the user is logged in as the local admin.

Once Unlock is cliched, the App Store preferences can be accessed, as explained by a bug report submitted by Open Radar. By managing the victim's security updates, for example, the hacker can ensure that the victim does not have the latest software to give them optimum security protection. And of course, this illustrates that the company still has avoidable security hiccups to address.

Numerous settings within the App Store System Preferences window are also protected behind your Apple ID password and can't be changed using this method, but a nefarious user with physical access to your Mac could toggle the options that fall under the automatic update section.

Hackers could gain access to your Mac thanks to another security flaw discovered in the latest version of its operating system. The flaw enabled any individual to log into a device by simply using the word "root" as a username and a blank password as login credentials.

It's not known when the fix that is included with macOS 10.13.3 beta will ship to all customers, but hopefully the update will reach users soon. According to MacRumors, this update will become available later in January.

Share