macOS High Sierra's App Store System Preferences Can Be Unlocked With Any Password [Updated]

[GaryMumford]

No you're not. This just isn't a major issue. My concern is that it's a further indicator of Apple's failure to do proper QA on security related issues in the recent past.

No, It's not a major issue... But it's still sloppy work from Apple

 

[zorinlynx]

One thing I'm wondering is why Apple made such substantial changes to its authentication/security code. These bugs showed up in High Sierra; they are not in Sierra. However, there's not a lot of difference in how security/authentication works from a user's perspective between Sierra and High Sierra.

My question is, what did they change underneath that resulted in these bugs, and why? What was wrong with the old code that they felt they needed to muck about with it? If we had new security features, I'd understand code changes that might result in bugs. But we don't.

 

[0958400]

Apple get your act together.
It used to work quite well, "it just worked", it was aesthetic, it was safe.
Yearly updates are nonsense and this is what we're dealing with now.

I cannot believe that they are not listening to the things that Steve has said about "marketing" ruling a company. I cannot believe that they do not remember how slimming down the product line made it easier to focus and create stable products.

It's not that Microsoft is so much better, granted. But Apple used to be better.

 

[jarman92]

Its outrageous that another issue like this exists, but I would hardly say this is "rather serious." Bit of a reach on MacRumors part.

 

[alms]

How does this even happen? How can you have authentication code that in one place accidentally accepts any password? That's just awful. The rot must go deep.

 

[macduke]

This is so stupid that I’m starting to wonder if there is someone inside Apple actively trying to sabotage the company.

 

[0958400]

Never stopped watching porn so quickly...

mazel tov? 😉

THIS WILL BE THE END OF THE WORLD!

WHAT HAS HAPPENED TO APPLE LATELY!? IF SOMEONE HAD ACCESS TO MY MACHINE THEY COULD CHANGE A COUPLE FAIRLY MEANINGLESS APP STORE PREFERENCES!!!!

You mean like fixing caps lock?

 

[ikir]

This pref pane is UNLOCKED by default 🙂 not a big deal

 

[MacBebe]

This is not good. What's going on with Apple lately?

 

[HiRez]

It sounds like the Apple software team needs a major shakeup, and more resources (Apple is notorious for pulling engineers off one project to work on another, usually anything iOS related). I think they are just spreading themselves too thin these days.

Testing needs to be a priority. I think the annual release schedules (centered around WWDC and fall iPhone rollouts) are making rush jobs and things like testing are probably the first thing to get less attention to make up time.

 

[guzhogi]

Running 10.13.1, and I couldn't get it to work.

 

[Chupa Chupa]

One more reason I chose to leave macOS in 2017. iOS is a much better platform for me moving forward. Has everything I need and a bright future ahead. We need a ground up rework of macOS - based on iOS.

Wait -- MacOS based on iOS? How is that possible since iOS is based on MacOS?

 

[fivenotrump]

10.13.2: I can reproduce this when already logged in as an admin user, but not when logged in as a non-admin user.

 

[HacKage]

THIS is the reason why I haven't upgraded to High Sierra yet, regardless of the weekly notifications that won't go away! The whole thing has been a disaster from start to finish. Just call it Vista and get the equivalent of W7 released.

 

[M.PaulCezanne]

Bugs happen, but Apple is having a Microsoft Windows moment with High Sierra. What a PR nightmare (and rightly so).

 

[cmaier]

jesus apple. For an OS release that was supposed to be a "no new features - focus on quality and performance" release, High Sierra is beyond a dumpster fire.

 

[Wildkraut]

lol go Apple go, U Kan Doh Eeet!
At least they can keep their name in headlines that way. It’s like with celebrities, when they start to public fade out, they take a few obscene selfies to get headlined again. In case of Apple it’s bugs, heh.

 

[NSeven]

I hope people get fired for this... they need to be made an example of... we need reassurance that something was done to the developer / testers that let this slip... maybe then less mistakes will happen.

 

[AFEPPL]

Thankfully i have not upgraded.
HS is just a mess

 

[RuffyYoshi]

Yup, this is why I always install one generation older MacOS. I think it's time I did it with both MacOS and iOS.

 

[Wackery]

there’s a reason why they call it ‘high’ sierra

 

[iapplelove]

And imagine all the bugs we don’t know about yet lol

 

[Jimmdean]

I don't understand why when a security flaw is found some @sshole has to go around and tell everybody about it. How about just making sure Apple knows and leave it at that? Jeez.

 

[w00master]

It just works! (TM)

 

[pallymore]

This isn't that major an exposure as a user with an admin account would already have access to this setting with the proper credentials. It's also fixed in the 10.13.3 betas. The preference is also unlocked by default when System Preferences is first opened, so no password at all is needed, by default.

I don't think this is about how "serious" this bug is.
Probably no malicious user can take advantage of this - that's great but that doesn't mean Apple should be praised for it.

This shows how careless Apple has become when it comes to macOS. This is such an obvious bug that should have been easily caught by automated tests. On the stage Apple execs love bragging about how they care about security but in reality we've got two password-related stupid-level bugs in the same major release of their OS.