Apple despite of its high security standards, seems to be under the news radar with its new bug discovered in macOS High Sierra 10.13.2. The bug that was originally discovered by open radar, a community for bug reports earlier this week, allows a user with admin rights to unlock app store preferences with any password. Though this is not a major security issue which can create a havoc but enough to raise a question that does Apple really concern about mac security?
What’s the Issue?
Earlier this week a report published by open radar stating App Store Preference lock a hoax, put every Mac user in a spot of bother. They reproduce this bug in the mac running with latest version of mac i.e. macOS High Sierra by unlocking App Store Preference by any anonymous password.
If you are mac user with running macOS High Sierra on your machine then you can too reproduce this bug by following the steps below:
- Log in to your mac as local administrator
- Now go to System Preferences and then click on App Store
- Click on the padlock icon to unlock it. In case it is already unlocked click on the icon to first unlock it.
- In the login window that appears type your username and any password of your choice.
- Now click on Unlock button.
The outcome that you will receive will really shock you have unlocked the App Store preference.
However, if you try to reproduce the same bug with a non-admin account then you will not be able to unlock the App Store preferences with an incorrect password.
How Serious Can This Bug Be?
If you compare this latest bug with the bug that was discovered in November 2017 that allows anyone to get the root access in Mac running macOS High Sierra than it is not that much serious. However still anyone getting the access to App Store preference can control App Store settings like enabling or disabling installation of app updates, macOS updates along with most necessary security updates that Apple releases time to time.
What Can You Do as A User?
Hopefully, Apple is going to fix this bug in the upcoming updates of macOS High Sierra, as this bug cannot be reproduced in macOS High Sierra 10.13.3, a beta version. However, if you are the one which does not rely much on beta version then logout from the admin account of your mac, when not in use.
Also, as an immediate security measure you can create a standard account and start using that, until an official patch is released for this vulnerability.
