January 22, 2018

Apple Has Yet Another Password Bug in macOS High Sierra

12 January 2018, 09:25 | Marlene Myers

Another macOS High Sierra bug allows App Store menu to be unlocked with bogus passwords

Another macOS High Sierra bug allows App Store menu to be unlocked with bogus passwords

A new bug has been introduced with macOS High Sierra 10.13.2 (17C88) which allows any admin account to access the App Store preferences from the System Preferences application with an incorrect password. That bug allowed users to log into a system by typing "root" for a login, then hitting enter for a login attempt several times in a row. MacWorld reports that the flaw may be fixed by version 10.13.3, as users running that beta of macOS can't reproduce this flaw.

A password prompt then pops up, but the user is able to type in any string of text, and the "password" is accepted, unlocking the preferences panel.

Apple's Mac password troubles aren't over yet. If an attacker is able to open App Store preferences, they are also able to disable automatic downloads of macOS security and app updates, leaving victims vulnerable in the future. The bug only works when you're logged into an administrative account, but it's another example of how Apple seems to have dropped the ball on setting user policies and permissions properly.

"This needs admin access to the machine already and only affects the AppStore prefs", Holtman wrote.

First, an attacker would need to have physical access to the device itself and either have the administrator's password (which would allow them to make changes to the system even if the login requirement worked properly) or gain access while an administrator is already logged in. "All other system prefs do not unlock this way".

France's Macron Says He Wants Law To Combat Fake News
He has been particularly critical of Russian media, openly accusing it of spreading lies about him on websites and social media. He said authorities may be granted emergency legal powers to remove content or block " fake news " websites.

Jon Gruden: 'I think I am being considered' by Raiders
With a move to Las Vegas on tap, it makes sense to hire a big-name coach , too. "I'm here to help people". After a debut season of 7-9, Del Rio followed that with a 12-4 mark and an AFC wild-card berth.

Selena Gomez unfollows Demi Lovato and more in shocking Instagram move
The 25-year-old " Wolves " singer recently posted a picture of herself in front of her childhood home in Texas. Now she is only following a whopping 37 accounts and majority are brands or organizations.

Still, the discovery of another hole in the macOS security settings is likely to prove yet another pain in the collective rear end for Apple's engineers.

This is not first time in recent weeks that Apple's Mac operating system has been beset by password issues.

After a unsafe macOS flaw left some proverbial egg on Apple's face at the end of 2017, it probably didn't want to start 2018 with another issue on its hands. The bug does not exist in macOS Sierra version 10.12.6 or earlier.

The "embarrassing" loophole in MacOS High Sierra lets anyone with access to your machine bypass your password.

Other News

Trending Now

NY may scrap its income tax for a payroll tax
But New York has high taxes and imposing a $10,000 cap will significantly raise taxes for many in the state. The GOP-controlled Congress passed the bill and President Trump signed it.

Two Reuters reporters due in court in Myanmar
Adler said he was "extremely disappointed" by the charges and again called for Wa Lone and Kyaw Soe Oo to be released immediately. Local journalists who gathered outside the court showed solidarity by wearing black to protest the arrest of the two men.

Central Okanagan sees big property value increase in 2018 BC Assessment
Assessments are the estimate of a property's market value as of July 1, 2017 and physical condition as of October 31, 2017. Ireland thinks the high demand for condos is simply due to the fact that they are less expensive than single-family homes.

Kane, De Gea snubbed in 2017 UEFA Team of the Year
Manchester City's Kevin De Bruyne and Chelsea's Eden Hazard have been named in UEFA's Team of the Year for 2017 . The team is voted for by fans with nearly nine million votes cast and lines up in a 4-4-2 formation.