Research

MacOS High Sierra Facing a New Password Bug

MacOS High Sierra Facing a New Password Bug

Then, head to System Preferences and click on the App Store icon.

Attackers could gain access to your Mac thanks to another security flaw discovered in the latest version of its operating system. Users have discovered that it's possible to change Mac App Store preferences in macOS High Sierra using any password.

Assuming the attacker would be able to gain such access, they would still only be able to change the user's preferences in the App Store.

Using this preference pane, users can choose to enable or disable automatic downloads and installation of OS security updates among other things.

With I Am Root still fresh in the memories of users and the recent hoopla over Meltdown and Spectre not yet died-down, this comes at a particularly unwelcome time. Once locked, click it again, enter your user name, and enter anything you want for a password. If the bug exists on your computer, you can put in any password and the padlock will unlock regardless.

The impact is small as it's only preferences for one application and, to get to it, you need to log into the operating system - and that password layer seems just fine.

Station fire causing severe delays for travellers from the East
The fire later spread to the roof void and around 60 firefighters are tackling "arduous" conditions using specialist equipment. An East Midlands Trains spokesman said: "Emergency services have been called to Nottingham station to deal with a fire".

In November, Apple had to patch a vulnerability that allowed access to the root superuser account with a blank password.

The bug report highlighted that this new discovery signified another embarrassing flaw in password-based issues for Apple.

Apple has reportedly fixed the new bug in the beta version of macOS 10.13.3, its upcoming High Sierra update expected to release to the general public sometime this month, according to MacRumors.

In order to reproduce the bug, a user can start by logging in as an admin. "We are auditing our development processes to help prevent this from happening again", the company said in a statement to UberGizmo. There's no current workaround to this issue, so the only real option is to wait for Apple to provide a solution.

We should note that these settings are unlocked by default on administrator accounts, as they aren't especially sensitive.