Mac exploit lets you change App Store preferences with any password

Apple is promising to prevent missteps like this from happening again.
Jon Fingas, @jonfingas
January 10, 2018

Apple's Mac password troubles aren't over yet. Users have discovered that it's possible to change Mac App Store preferences in macOS High Sierra using any password. You do need to log in as an administrator, which is supposed to unlock preferences, but you're allowed to use any password you like if the preference is locked and you need to get access again. Other sections still require a correct password.

We've asked Apple for comment on the apparent bug and will let you know if it can provide a response, although we've learned that this shouldn't expose users and that it should be fixed with the upcoming macOS 10.13.3 update (the fix is already present in the beta).

It's not going to be a serious issue when an intruder needs admin-level access, but it could be a concern if an attacker already has those privileges. They could loosen your password restrictions for downloads (say, to go on a shopping spree without your consent) or force automatic updates if they know a newer app or OS release is vulnerable. And of course, this illustrates that the company still has avoidable security hiccups to address.
