Skip to content

January 11, 2018

Mac exploit lets you change App Store preferences with any password

by John_A

Apple’s Mac password troubles aren’t over yet. Users have discovered that it’s possible to change Mac App Store preferences in macOS High Sierra using any password. You do need to login as an administrator, which is supposed to unlock preferences, but you’re allowed to use any password you like if the preference is locked and you need to get access again. Other sections still require a correct password.

We’ve asked Apple for comment on the apparent bug and will let you know if it can provide a response, although we’ve learned that this shouldn’t expose users and that it should be fixed with the upcoming macOS 10.13.3 update (the fix is already present in the beta).

It’s not going to be a serious issue when an intruder needs admin-level access, but it could be a concern if an attacker already has those privileges. They could loosen your password restrictions for downloads (say, to go on a shopping spree without your consent) or force automatic updates if they know a newer app or OS release is vulnerable. And of course, this illustrates that the company still has avoidable security hiccups to address.

Via: MacRumors

Source: Open Radar

Read more from News

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Note: HTML is allowed. Your email address will never be published.

Subscribe to comments

%d bloggers like this: