March 21, 2018

New macOS Security Bug Unlocks App Store With Any Password

12 January 2018, 06:08 | Lucia Cruz

Password bug in macOS 10.13 App Store

To check if you're affected by this bug, open System Preferences on your Mac, click on App Store, then, if the padlock on the window is unlocked, click on it to lock it.

Attackers could gain access to your Mac thanks to another security flaw discovered in the latest version of its operating system.

A bug in macOS version 10.13.2 allows a local admin to access App Store preferences by using any incorrect password. You do need to log in as an administrator, which is supposed to unlock preferences, but you're allowed to use any password you like if the preference is locked and you need to get access again.

Experts say it is limited to the App Store and presents a relatively limited security risk. The flaw follows a series of notable security bugs that shipped in recent weeks, including the notorious root access flaw that allowed anyone to access critical account settings and more.

'These settings are unlocked by default for admin users, entering a bogus password only works if you're logged in as an admin user and the settings in this panel aren't particularly sensitive.'

Perhaps the strangest and most troubling part of the bug is that it does prompt the user to log in, as is typically required any time settings are changed within the operating system, but it doesn't matter if the user actually enters the password. Thankfully Apple was quick in issuing an update that fixed the problem, but now it appears that a new password bug has appeared.

The bug comes hot on the heels of a previous "root user" password flaw discovered in December.

'Our customers deserve better.' Attackers could use that particular vulnerability to install malicious programmes, delete Apple IDs and anything else that they wanted to do. "We are auditing our development processes to help prevent this from happening again", Apple said, reported MacRumors. MacRumors states that it cannot reproduce the error on the beta versions of macOS 10.13.3, suggesting it'll be fixed in an upcoming release.
