Thursday, January 11, 2018

macOS High Sierra Bug Unlocks App Store Systems Preferences With Any Password

A bug report submitted on Open Radar reveals a security vulnerability in the current version of macOS High Sierra that allows the App Store menu in System Preferences to be unlocked with any password. This only appears to be when logged in as a local admin. The security vulnerability means that anyone with administrator-level access to your Mac could unlock the App Store preferences and enable or disable settings to automatically install macOS updates, app updates, system data files, and even security updates that would fix a bug like this one. The security flaw is present in macOS 10.13.2 which is the current public version of macOS High Sierra, but resolved in the latest beta version of macOS 10.13.3.

No comments:

Post a Comment