Just weeks after a shocking security flaw that gave anyone the ability to access the root account on a macOS High Sierra computer was revealed by a software developer on Twitter, a new vulnerability has come to light. This Monday, a bug report on Open Radar brought attention to newly-discovered issue which allows the System Preferences of the App Store on macOS High Sierra computers to be unlocked with any password.
As the bug report explains, the user has to be logged into an account with administrator-level access in order for the bug to work. But as long as you’re logged in as an admin, you can duplicate this on any High Sierra machine.
These are the steps that you need to take in order to see the System Preferences bug in action for yourself:
- Log in as an administrator
- Click on System Preferences
- Click on App Store
- Click on the padlock (if it isn’t already locked)
- Click the padlock again to unlock it
- Enter your username and any random password
- Click Unlock and see what happens
notes that no other System Preferences menus appear to be affected by this bug, in case you were looking for a silver lining. The good news is that the bug couldn’t be replicated on the latest betas either, so as soon as the new version of High Sierra rolls out, this should be solved. Unfortunately, that update is still being tested, and it could be weeks before Apple is ready to roll it out the the public.
While the risks of someone accessing your App Store preferences are far less serious than those of the root access bug from 2017, the mere fact that these issues continue to crop up is worrisome. Whether Apple’s quality assurance has taken a dip in quality or this just happens to be a string of outliers, it’s been a rough stretch for Mac fans.