A new bug has been discovered on devices running macOS High Sierra that allows anyone to access your App Store system preferences. The bug was spotted by MacWorld and the bug will be fixed in the next update as users running the 10.13.3 beta haven’t been able to reproduce it. It should be noted that the bug doesn’t allow access to sensitive user information on the Mac and doesn’t create exposure for users. User and other system preferences can’t be changed without the admin’s actual password. The admin also has to be logged in already for access.
To check if you’re affected by this bug, open system preferences on your Mac, click on App Store, then if the padlock on the window is unlocked, click on it to lock it. Then click on the padlock again to unlock it and a prompt should pop up where you can enter your username and password. If the bug exists on your computer, you can put in any password and the padlock will unlock regardless. An editor at The Verge tested this and confirms the bug exists. We’ve reached out to Apple for a comment and will report back when we know more.
In late November, Apple rolled out a security update for macOS High Sierra that patched a serious vulnerability that allowed admin access to a Mac computer without providing any password.
No comments:
Post a Comment