“Less than two months ago, Apple users discovered a bug in macOS that allowed anyone to log in with root access,” Jason Cross writes for Macworld. “Apple apologized and fixed it quickly, but now users on Open Radar have found a similar (but far less severe) macOS password bug.”
“If you’re running macOS High Sierra, try this: Open System Preferences. Click on App Store. If the padlock is unlocked, click to lock it. Click the padlock to unlock it. In the prompt, enter your username and any password,” Cross writes. “The App Store preferences pane should unlock. We tried it on a new iMac and MacBook Pro, both with macOS 10.13.2, and it worked.”
Cross writes, “Here we are, not halfway into January, with another ‘they really should have caught this’ bug.”
Read more in the full article here.
MacDailyNews Take: Sheesh.
Apple University grads should ask for their money back.
Be a yardstick of quality. Some people aren’t used to an environment where excellence is expected. — Steve Jobs
SEE ALSO:
Why are there so many macOS and iOS bugs? – December 5, 2017
Updating to latest macOS 10.13.1 disables Apple’s ‘root’ bug patch; you’ll need to reinstall Apple’s root security fix – December 2, 2017
Apple’s macOS High Sierra bug fix arrives with a new bug – here’s the fix – November 30, 2017
Apple on Mac flaw: ‘We apologize to all Mac users. Our customers deserve better. We are auditing our development processes.’ – November 29, 2017
Apple releases fix for macOS High Sierra administrator authentication bypass flaw – November 29, 2017
Tim Cook’s sloppy, unfocused Apple rushes to fix a major Mac security bug – November 29, 2017
What to do about Apple’s shameful Mac security flaw in macOS High Sierra – November 29, 2017
Tim Cook – the gift that keeps giving.
And lol his overpaid useless employees
I don’t fault Apple staff, it’s all a product of failed leadership.
blame Tim’s laser-like focus on social justice/issues instead of the company and its products.
Let’s not blame Tim. He is focused on taxes not product. He spends his time and energies on that because that’s the big money maker. Who needs product when you can get tax breaks. Come on guys you know all you ever need is a CEO that wants tax breaks.
I am under the impression. This stems from trying to simplify access – to not overburden the user with to many prompts. Simplification just like improving speed/performance, reduces security.
Apple removed a prompt and it was less secure underneath. Someone didn’t document their code well enough.
Apple needs to go back to Mac Paint source code to see how it’s done.
Problem has been patched anyway.
It did not work on my system. 2013 Mac Pro and running High Sierra 10.13.2
slop.
What you think of Tim Cook, he is predictably consistent.
Fish rot from the head.
Nuff said.
Any name and PW worked to unlock the App Store pref on my 2015 MBPro. That being said- if criminal could walk up and have full unsupervised access to my unlocked computer, the App Store prefs are the least of my worries. That’s why I lock my screen, use a strong PW and encrypt my drive.
Worked on mine with no password. Apple, jFC.
Hey punk! You think writing operating systems is easy? Huh? We hadda go ta school for dis! I been doin this for SIX YEARS. You think you’re so smart. You wanna piece o me? Come on.
Worked on mine. If you get into my house, past the alarm and deadbolt. And if you can unlock the access password to my computer, you could, conceivably, download Minecraft. I don’t know if I’ll be able to sleep thinking about it. I’m traumatized.
YKBAID
At least they fixed their special emoji that was looking smooth on screen, that’s more important that some petty software bug.
Didn’t work on any of my systems, but if someone has complete unsupervised access to my unlocked Mac, they’ll do far worse than the App Store preferences… another willful misrepresentation. They’re must be some fear in the competition for the last quarter numbers…
I still haven’t “upgraded” to High Sierra from Sierra. So far I don’t think I’ve made a bad decision.
Didn’t work on mine 😊
Fun prank, tell your friend, but give them the password:
“(friend’s name) is a doofus”
Can this “hack” be accessed remotely or would the “hacker “ need access to the actual Mac?
If so, I’d be more concerned about them breaking into my home rather than them “hacking” my iMac.