May 25, 2018

Apple Has Yet Another Password Bug in macOS High Sierra

12 January 2018, 09:25 | Marlene Myers

Another macOS High Sierra bug allows App Store menu to be unlocked with bogus passwords

A new bug has been introduced with macOS High Sierra 10.13.2 (17C88) which allows any admin account to access the App Store preferences from the System Preferences application with an incorrect password. An earlier High Sierra bug allowed users to log into a system by typing "root" as the login, then hitting Enter several times in a row. MacWorld reports that the new flaw may be fixed in version 10.13.3, as users running that beta of macOS can't reproduce it.

A password prompt then pops up, but the user is able to type in any string of text, and the "password" is accepted, unlocking the preferences panel.

Apple's Mac password troubles aren't over yet. If an attacker is able to open App Store preferences, they are also able to disable automatic downloads of macOS security and app updates, leaving victims vulnerable in the future. The bug only works when you're logged into an administrative account, but it's another example of how Apple seems to have dropped the ball on setting user policies and permissions properly.

"This needs admin access to the machine already and only affects the AppStore prefs", Holtman wrote.

First, an attacker would need to have physical access to the device itself and either have the administrator's password (which would allow them to make changes to the system even if the login requirement worked properly) or gain access while an administrator is already logged in. "All other system prefs do not unlock this way".

Still, the discovery of another hole in the macOS security settings is likely to prove yet another pain in the collective rear end for Apple's engineers.

This is not the first time in recent weeks that Apple's Mac operating system has been beset by password issues.

After an unsafe macOS flaw left some proverbial egg on Apple's face at the end of 2017, it probably didn't want to start 2018 with another issue on its hands. The bug does not exist in macOS Sierra version 10.12.6 or earlier.

The "embarrassing" loophole in MacOS High Sierra lets anyone with access to your machine bypass your password.
