Yet another macOS High Sierra bug: Unlock App Store system preferences with any password Credit: IDG

Yet another macOS High Sierra bug: Unlock App Store system preferences with any password

Less than two months ago, Apple users discovered a bug in macOS that allowed anyone to log in with root access. Apple apologized and fixed it quickly, but now users on Open Radar have found a similar (but far less severe) macOS password bug.

If you're running macOS High Sierra, try this: 

  1. Open System Preferences.
  2. Click on App Store.
  3. If the padlock is unlocked, click to lock it.
  4. Click the padlock to unlock it.
  5. In the prompt, enter your username and any password.

The App Store preferences pane should unlock. We tried it on a new iMac and MacBook Pro, both with macOS 10.13.2, and it worked.

The bad news is that this is a really easy and fairly serious security vulnerability. The good news is that users running the 10.13.3 beta have not yet been able to reproduce the bug, so it's probably fixed in that upcoming release.

This is also nowhere near as serious as the root bug was. Allowing anyone with access to your Mac to access your App Store system preferences is bad, but it's not like it would let them rack up a ton of charges or steal your data (the most lenient setting for purchases is to require your password after 15 minutes).

Apple's quality problems

Between late November and early December of last year, Apple users were treated to a flurry of problems. The worst was the infamous root bug, which was quickly fixed with a patch that broke file sharing for some users. But we can't forget the iOS bug where users couldn't type a capital I. And then iPhones got stuck in a boot loop on December 2. (We'll give Apple a pass on Meltdown/Spectre, as that one hit the entire computing industry.)

At the time of the root bug, Apple released a statement saying:

We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.

Later, Phil Schiller downplayed the notion that there were systemic problems at Apple. "We just had a bad week. A couple of things happened, that’s all." He once again promised to audit Apple's systems and processes to prevent this sort of thing from happening again.

And yet here we are, not halfway into January, with another "they really should have caught this" bug. While it's not nearly as serious as those of the infamous "bad week," it's still an amateur-hour mistake that makes it easy to question Apple's renewed commitment to quality.

IDG Insider

PREVIOUS ARTICLE

«Microsoft tests show Spectre patches drag down performance on older PCs

NEXT ARTICLE

Newegg is selling Destiny 2 for $27»
author_image
IDG Connect

IDG Connect tackles the tech stories that matter to you

Add Your Comment

Most Recent Comments

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.

images

Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.

images

Poll

Should the government regulate Artificial Intelligence?