Apple Has Yet Another Password Bug in macOS High Sierra

A screenshot of the login field for the App Store preferences on a Mac. Any password will do to log into the App Store preferences on a Mac running High Sierra.

A bug in macOS version 10.13.2 allows a local admin to access App Store preferences by using any incorrect password.

Reproducing the problem is pretty easy, according to MacRumors and the original bug report. An attacker with that access could loosen your password restrictions for downloads (say, to go on a shopping spree without your consent) or force automatic updates if they know a newer app or OS release is vulnerable.

Cementing January as the worst month of the year, at least for Apple, another bug has been uncovered in macOS High Sierra. According to the Open Radar listing, the bug is not reproducible on High Sierra 10.13.1, nor can a non-admin account gain access. A user would just need to log in as a local admin, click System Preferences, select App Store, click the padlock icon to lock it (if it's unlocked), click the padlock again to unlock it, enter any phony password, click Unlock, and voila.

Assuming the attacker would be able to gain such access, they would still only be able to change the user's preferences in the App Store. If the padlock is unlocked, lock it and then try unlocking it using your username and any password.

In order to reproduce the bug, a user can start by logging in as an admin. Other preferences, such as Users and Groups, are not affected. MacRumors states that it cannot reproduce the error on the beta versions of macOS 10.13.3, suggesting it'll be fixed in an upcoming release.

So it appears to be only in 10.13.2 and possibly the earlier betas of 10.13.3.

All in all, this isn't a huge security risk, but it is a concern in the sense that it wasn't caught by Apple sooner.

Perhaps the strangest and most troubling part of the bug is the fact that it does prompt the user to log in, as is typically required any time settings are changed within the operating system, but it doesn't matter if the user actually enters the password.

"Our customers deserve better. We are auditing our development processes to help prevent this from happening again," Apple said, reported MacRumors.
