macOS High Sierra Bug Allows App Store Preferences To Be Accessed Without Password

Apple is having a pretty bad time of it as far as the security of its software and hardware is concerned of late.

Not very long ago, we had the situation that left Mac users able to access root superuser account privileges simply by entering a blank password on macOS High Sierra 10.13.1 and now we, of course, have the fallout of the CPU vulnerabilities that are very much in the news right now.

While Apple cannot be held responsible for hardware faults in CPUs it does not produce, the thought of elevated privileges being nothing but a blank password away is terrifying, and while Apple did fix that bug, a very similar one has also come to light that allows users access to the App Store portion of the System Preferences app on macOS, again without the need for a password. The issue, which was filed in an open Radar, is reproducible on macOS High Sierra 10.13.2, which is the latest built to be made available to the public. However, the current beta builds of macOS 10.13.3 do not have the same issue, suggesting Apple has reacted to the Radar and fixed the bug in question.

At this point, it is important to note that this bug also only appears to be impacting those who are logged in as Administrator accounts, rather than normal user accounts. It’s also true that the App Store settings are unlocked and accessible by default when logged into such an Administrator account, so it is debatable how highly impacting this issue is. However, Apple allowing anyone to unlock a preference pane without entering a correct password is something that should obviously not be excused.

If you want to test it out for yourselves, here’s what you need to do:

Step 1: Go to System Preferences > App Store.

Step 2: Click the padlock icon to lock the preference pane if it is unlocked.

Step 3: Now, click the padlock icon again to bring up the sign in dialog.

Step 4: Type in your (correct) username, then enter anything into the password field.

Step 5: Hitting Unlock now should get you into the preference pane.

While it’s good news that Apple appears to have fixed this issue, we do wish people were unable to find them in the first place!

(Source: Open Radar)

You may also like to check out:

You can follow us on Twitter, add us to your circle on Google+ or like our Facebook page to keep yourself updated on all the latest from Microsoft, Google, Apple and the Web.