A bug in macOS High Sierra lets you unlock App Store preferences using any password. The bug was identified in an Open Radar submitted Monday by eholtham, reports MacRumors.
Summary:
The AppStore Preferences in System Preferences can be unlocked by a local admin with any bogus password.
Steps to Reproduce:
1) Log in as a local admin
2) Open App Store Prefpane from the System Preferences
3) Lock the padlock if it is already unlocked
4) Click the lock to unlock it
5) Enter any bogus password
It appears the issue has already been resolved in the third and fourth betas of macOS High Sierra 10.13.3 and it does not appear to be present on macOS Sierra 10.12.6.
This bug follows a major root password vulnerability that was discovered in macOS 10.13.1. The company has yet to respond to this issue.
Please follow iClarified on Twitter, Facebook, or RSS for updates.
Read More
Summary:
The AppStore Preferences in System Preferences can be unlocked by a local admin with any bogus password.
Steps to Reproduce:
1) Log in as a local admin
2) Open App Store Prefpane from the System Preferences
3) Lock the padlock if it is already unlocked
4) Click the lock to unlock it
5) Enter any bogus password
It appears the issue has already been resolved in the third and fourth betas of macOS High Sierra 10.13.3 and it does not appear to be present on macOS Sierra 10.12.6.
This bug follows a major root password vulnerability that was discovered in macOS 10.13.1. The company has yet to respond to this issue.
Please follow iClarified on Twitter, Facebook, or RSS for updates.
Read More