Yet another crazy bug surfaces in macOS High Sierra
Yet another serious security flaw has been discovered in macOS High Sierra.
The bug, which remains present in Apple’s most recent public release, allows anyone to change the App Store settings in System Preferences by entering anything as your password.
It’s hard to ignore the decline in Apple software quality. It seems that with every update — for iOS or macOS — new bugs are introduced. Some are serious security flaws, like the one that allowed anyone to gain administrator access to your Mac by entering “root” as the password.
Another security flaw is uncovered
The latest also falls into this category. Highlighted in a bug report on Open Radar, the flaw allows anyone to change App Store settings within System Preferences. Entering anything in the password field, which normally requires your login password, grants access to the menu.
Once inside this menu, the user can do trivial things like enable or disable automatic updates — including macOS updates — and more serious things like change the length of time before your password is required between App Store purchases.
The user must be logged into an administrator account, however, so this won’t work in guest accounts. It’s also worth mentioning that other System Preferences menus cannot be unlocked with the same trick.
Apple may have a fix at the ready
According to MacRumors, which was first to notice the bug report, the flaw is present in Apple’s latest 10.13.2 release — but not in Sierra versions of macOS. The issue cannot be reproduced in the latest 10.13.3 betas, so it seems Apple may already have a fix at the ready.
If Apple is already aware of the issue, it was surely hoping to fix it before anyone noticed the problem.
At this point, you might be thinking, “App Store preferences are unlocked by default in administrator accounts.” But as MacRumors adds, “being able to bypass a Mac’s password prompt with any password is obviously unacceptable.”
What’s the point in having the prompt at all?
I’ve already written, at length, about how Apple must do something to eliminate frequent bugs like this one, and warned they could damage its reputation eventually. As an increasing number are uncovered in new releases, the potential for that increases.