Yet another macOS High Sierra bug: Unlock App Store system preferences with any password; another one Apple should have caught

“Less than two months ago, Apple users discovered a bug in macOS that allowed anyone to log in with root access,” Jason Cross writes for Macworld. “Apple apologized and fixed it quickly, but now users on Open Radar have found a similar (but far less severe) macOS password bug.”

“If you’re running macOS High Sierra, try this: Open System Preferences. Click on App Store. If the padlock is unlocked, click to lock it. Click the padlock to unlock it. In the prompt, enter your username and any password,” Cross writes. “The App Store preferences pane should unlock. We tried it on a new iMac and MacBook Pro, both with macOS 10.13.2, and it worked.”

Cross writes, “Here we are, not halfway into January, with another ‘they really should have caught this’ bug.”

Read more in the full article here.

MacDailyNews Take: Sheesh.

Apple University grads should ask for their money back.

Be a yardstick of quality. Some people aren’t used to an environment where excellence is expected. — Steve Jobs

Why are there so many macOS and iOS bugs? – December 5, 2017
Updating to latest macOS 10.13.1 disables Apple’s ‘root’ bug patch; you’ll need to reinstall Apple’s root security fix – December 2, 2017
Apple’s macOS High Sierra bug fix arrives with a new bug – here’s the fix – November 30, 2017
Apple on Mac flaw: ‘We apologize to all Mac users. Our customers deserve better. We are auditing our development processes.’ – November 29, 2017
Apple releases fix for macOS High Sierra administrator authentication bypass flaw – November 29, 2017
Tim Cook’s sloppy, unfocused Apple rushes to fix a major Mac security bug – November 29, 2017
What to do about Apple’s shameful Mac security flaw in macOS High Sierra – November 29, 2017


        1. Let’s not blame Tim. He is focused on taxes not product. He spends his time and energies on that because that’s the big money maker. Who needs product when you can get tax breaks. Come on guys you know all you ever need is a CEO that wants tax breaks.

  1. I am under the impression. This stems from trying to simplify access – to not overburden the user with to many prompts. Simplification just like improving speed/performance, reduces security.

    Apple removed a prompt and it was less secure underneath. Someone didn’t document their code well enough.

    Apple needs to go back to Mac Paint source code to see how it’s done.

    Problem has been patched anyway.

  2. Any name and PW worked to unlock the App Store pref on my 2015 MBPro. That being said- if criminal could walk up and have full unsupervised access to my unlocked computer, the App Store prefs are the least of my worries. That’s why I lock my screen, use a strong PW and encrypt my drive.

  3. Worked on mine. If you get into my house, past the alarm and deadbolt. And if you can unlock the access password to my computer, you could, conceivably, download Minecraft. I don’t know if I’ll be able to sleep thinking about it. I’m traumatized.

  4. Didn’t work on any of my systems, but if someone has complete unsupervised access to my unlocked Mac, they’ll do far worse than the App Store preferences… another willful misrepresentation. They’re must be some fear in the competition for the last quarter numbers…

  5. Can this “hack” be accessed remotely or would the “hacker “ need access to the actual Mac?

    If so, I’d be more concerned about them breaking into my home rather than them “hacking” my iMac.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.