Apple Has Yet Another Password Bug in macOS High Sierra


A bug in macOS version 10.13.2 allows a local admin to access App Store preferences by using any incorrect password.

Reproducing the problem is pretty easy, according to MacRumors and the original bug report. Someone with that access could loosen your password restrictions for downloads (say, to go on a shopping spree without your consent) or force automatic updates if they know a newer app or OS release is vulnerable.

Cementing January as the worst month of the year, at least for Apple, another bug has been uncovered in macOS High Sierra. According to the Open Radar listing, the bug is not reproducible on High Sierra 10.13.1, nor can a non-admin account gain access. A user would just need to log in as a local admin, click System Preferences, select App Store, click the padlock icon to lock it (if it's unlocked), click the padlock again to unlock it, enter any phony password, click Unlock, and voila.


Assuming an attacker were able to gain such access, they would still only be able to change the user's preferences in the App Store. If the padlock is unlocked, lock it and then try unlocking it using your username and any password.

To reproduce the bug, a user can start by logging in as an admin. Other preferences, such as Users and Groups, are not affected. MacRumors states that it cannot reproduce the error on the beta versions of macOS 10.13.3, suggesting it'll be fixed in an upcoming release.

So it appears to be only in 10.13.2 and possibly the earlier betas of 10.13.3.


All in all, this isn't a huge security risk, but it is a concern in the sense that it wasn't caught by Apple sooner.

Perhaps the strangest and most troubling part of the bug is the fact that it does prompt the user to log in, as is typically required any time settings are changed within the operating system, but it doesn't matter whether the user actually enters the password.

"Our customers deserve better. We are auditing our development processes to help prevent this from happening again," Apple said, according to MacRumors.
