New macOS High Sierra Password Flaw Discovered


An attacker could loosen your password restrictions for downloads (say, to go on a shopping spree without your consent) or force automatic updates if they know a newer app or OS release is vulnerable.

Anyone hoping to recreate the bug on their own Mac should log in as a local admin, then open the App Store preference pane from System Preferences. Flipping those settings could be used in conjunction with another attack to ensure a system wasn't patched to close a security hole, though local access, or at least administrator access from a remote location, is required. Earlier this week, a bug was reported on the Open Radar platform, which gave a detailed description of an issue discovered on macOS High Sierra version 10.13.2.

Attackers could gain access to your Mac thanks to another security flaw discovered in the latest version of its operating system.

Assuming the attacker would be able to gain such access, they would still only be able to change the user's preferences in the App Store.

The bug appears limited to High Sierra (Sierra isn't affected), and has been verified by MacRumors as existing in 10.13.2, the latest version of the operating system.


With I Am Root still fresh in the memories of users and the recent hoopla over Meltdown and Spectre not yet died down, this comes at a particularly unwelcome time.

Enter any bogus password you like and the system will grant you access.

Some of you might recall that last year Apple's macOS High Sierra had a security flaw that allowed users to gain admin access without the need for a password. Once locked, click it again, enter your user name, and enter anything you want for a password.

'We greatly regret this error and we apologize to all Mac users,' Apple said in a statement at the time.

The bug report highlighted that this new discovery was another embarrassing password-related flaw for Apple. The bug was spotted by MacWorld, which also notes that the bug will most likely be fixed in the next update, as users running the 10.13.3 beta haven't been able to reproduce it. Our customers deserve better.
