Yet another macOS High Sierra bug: Unlock App Store system preferences with any password

Less than two months ago, Apple users discovered a bug in macOS that allowed anyone to log in with root access. Apple apologized and fixed it quickly, but now users on Open Radar have found a similar (but far less severe) macOS password bug.

If you're running macOS High Sierra, try this:

  1. Open System Preferences.
  2. Click on App Store.
  3. If the padlock is unlocked, click to lock it.
  4. Click the padlock to unlock it.
  5. In the prompt, enter your username and any password.

The App Store preferences pane should unlock. We tried it on a new iMac and MacBook Pro, both with macOS 10.13.2, and it worked.

The bad news is that this is a really easy-to-reproduce and fairly serious security vulnerability. The good news is that users running the 10.13.3 beta have not yet been able to reproduce the bug, so it's probably fixed in that upcoming release.

This is also nowhere near as serious as the root bug was. Allowing anyone with access to your Mac to access your App Store system preferences is bad, but it's not like it would let them rack up a ton of charges or steal your data (the most lenient setting for purchases is to require your password after 15 minutes).

Apple's quality problems

Between late November and early December of last year, Apple users were treated to a flurry of problems. The worst was the infamous root bug, which was quickly fixed with a patch that broke file sharing for some users. But we can't forget the iOS bug where users couldn't type a capital I. And then iPhones got stuck in a boot loop on December 2. (We'll give Apple a pass on Meltdown/Spectre, as that one hit the entire computing industry.)

At the time of the root bug, Apple released a statement saying:

We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.

Later, Phil Schiller downplayed the notion that there were systemic problems at Apple. "We just had a bad week. A couple of things happened, that’s all." He once again promised to audit Apple's systems and processes to prevent this sort of thing from happening again.

And yet here we are, not halfway into January, with another "they really should have caught this" bug. While it's not nearly as serious as those of the infamous "bad week," it's still an amateur-hour mistake that makes it easy to question Apple's renewed commitment to quality.

IDG News Service