MacOS High Sierra Facing a New Password Bug

A screenshot of the login field for the App Store preferences on a Mac. Any password will do to long into the App Store preferences on a Mac running High Sierra

Any password will do to long into the App Store preferences on a Mac running High Sierra

It doesn't look as though any other password protected settings can be accessed with an incorrect password, and luckily none of the settings in the App Store preferences pane are too sensitive, meaning that it's a lot less serious than the bug from November. Being able to change preferences in the App Store allows you to change the schedules for app updates, system updates, and security updates. Then click on the padlock again to unlock it and a prompt should pop up where you can enter your username and password. This, when it is the system password that should have been the only key granting access to the privileged section.

I personally tested this bug in macOS 10.13.1 and it would not work. This should unlock the App Store preference for you. Anyone with access can enable or disable settings related to automatically installing MacOS software, security and app updates.

Coming soon after a previous "root user" password flaw discovered in December, as well as the Meltdown and Spectre chip flaws, the timing is likely to shake consumer confidence, however. Second, the ability to unlock these preferences with any password is only available to local admins, and standard user accounts aren't affected. If the bug exists on your computer, you can put in any password and the padlock will unlock regardless. Apple later fixed the issue with a security update. As the report mentions, the security flaw is present in macOS 10.13.2 which is the current public version of macOS High Sierra, but resolved in the latest beta version of macOS 10.13.3.

Assassin's Creed Rogue Remastered Revealed
Starring Shay Patrick Cormac, players explore the icy North Atlantic, the bustling streets of New York City and a river valley. Assassin's Creed Rogue Remastered came to light back in late-November after it started popping up on Italian retail sites .

Regarding the root flaw, an Apple spokesperson said: "We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused".

The discovery no doubt brings back memories of the infamous bug that allowed anyone with root access to a device to log in with the least of a hindrance.

The latest issue is reported to have been addressed in the latest beta version of macOS 10.13.3. "We are auditing our development processes to help prevent this from happening again".

Latest News