macOS High Sierra's App Store System Preferences Can Be Unlocked With Any Password [Updated]

[0924487]

Twice in a year

 

[Andres Cantu]

We need an iOS and macOS release at the level of Snow Leopard. It’s sad but true.

No new features cause they will just break more things.

 

[tkatz]

One more reason I chose to leave macOS in 2017. iOS is a much better platform for me moving forward. Has everything I need and a bright future ahead. We need a ground up rework of macOS - based on iOS.

This makes no sense. A dev/qa oversight in checking that an authentication window actually works as intended doesn't mean that similar issues won't appear in iOS.

I'm glad you were able to use iOS in every day life, but the last thing some of us want is an macOS thats based on iOS.

Edit: Change OSX to macOS.

 

[hagar]

Of course this is a major issue, there's no way one should downplay this. There's a part of the OS shielded of by a padlock and authentication mechanism. And that mechanism fails, again, leaving the end user with a false sense of security and an exposed system.

If it happens here, it can happen in other parts of the OS as well. Or at the front door like last month. This is a serious breach in the quality control of Apple and another blow for their reputation.

 

[IJ Reilly]

This pref pane is UNLOCKED by default not a big deal

Thank you for noticing this, something MR apparently didn't think was important enough to mention, even though it is obviously a pretty significant consideration. Not that knowing this will silence the Chicken Littles. Panic is what they do.

 

[Mildredop]

Oh man. What the hell is happening to Apple?

I jumped off of iPhone many years ago, but I'm still loyal to the Mac. But that loyalty is weakening.

 

[twennywonn]

Yeah its because they left NSA mode enabled.

 

[Quu]

macOS Swiss Cheese should have been the name.

 

[The Don Onez]

As someone who test code for a living. The problem isn't with some bugs getting out. It happens to everyone. But basic functionality being broke, is a huge problem. Sheesh.

 

[viperGTS]

THIS WILL BE THE END OF THE WORLD!

WHAT HAS HAPPENED TO APPLE LATELY!? IF SOMEONE HAD ACCESS TO MY MACHINE THEY COULD CHANGE A COUPLE FAIRLY MEANINGLESS APP STORE PREFERENCES!!!!

Wow, you're really giving Apple a pass for this. LOL

It's not just about the App Store preferences, so don't be so closed minded. This exploit could very well exist in other areas that require authentication.

Beyond that, can you really keep your trust in a company that makes bypassing authentication this easy (and common, seeing as this isn't the first bug that has made bypassing security easy)? Think outside the box for once. Like someone mentioned earlier, this suggests that Apple is becoming careless, or at least lax, in their testing processes. This exploit should've been caught before release.

 

[schmelding]

Ever since Steve Jobs died...

 

[itsmilo]

The jokes just wrote themselves at this point lol

 

[NachoGrande]

Seriously.. Wow Apple. Microsoft 2.0 X

 

[King Luis]

is apple dropping the ball as of lately?

 

[DNichter]

This makes no sense. A dev/qa oversight in checking that an authentication window actually works as intended doesn't mean that similar issues won't appear in iOS.

I'm glad you were able to use iOS in every day life, but the last thing some of us want is an macOS thats based on iOS.

Edit: Change OSX to macOS.

Since 2006, I have never seen as many issues with macOS security as I have in the last year. I don't see the same issues with iOS.

 

[pradeepbabloo]

oh well... I guess now I have to get used to these things from Apple!

 

[Xavier]

Following the root password vulnerability, Apple apologized in a statement and added that it was "auditing its development processes to help prevent this from happening again," so this doesn't look great.Apple will likely want to fix this latest security vulnerability as quickly as possible, so it's possible we'll see a similar supplemental update released, or perhaps it will fast track the release of macOS High Sierra version 10.13.3. Apple did not immediately respond to our request for comment on this matter.

Somebody is getting fired.

 

[M.PaulCezanne]

jesus apple. For an OS release that was supposed to be a "no new features - focus on quality and performance" release, High Sierra is beyond a dumpster fire.

One thing’s for sure, security experts smell blood. I’ll bet they’re scrutinizing Mac OS like never before right now. Might be good in the long run.

 

[npmacuser5]

Rushing to market complex systems, very rarely ends well. This competition of a new product and software yearly, some of the juggled balls are going to be dropped. I would rather see the release of the product when it is ready. High five to Apple for delaying the Homepod, as it was not ready.

 

[DNichter]

Wait -- MacOS based on iOS? How is that possible since iOS is based on MacOS?

Just start from scratch with iOS as the base, create a new OS that is essentially iOS, but with a point and click front end. Close off the software, less choices, clean this stuff up. iOS for phones, pads, and laptops/desktops.

 

[0837990]

Properly baked my 4ss!

 

[turbineseaplane]

Yep - Works on mine...
My goodness Apple...

What the F are you guys doing over there?

 

[macs4nw]

THIS WILL BE THE END OF THE WORLD!

WHAT HAS HAPPENED TO APPLE LATELY!? IF SOMEONE HAD ACCESS TO MY MACHINE THEY COULD CHANGE A COUPLE FAIRLY MEANINGLESS APP STORE PREFERENCES!!!!

Quote: "The implications of this security vulnerability are arguably serious. Anyone with physical or remote access to your Mac could unlock the App Store preferences and enable or disable settings to automatically install macOS updates, app updates, system data files, and, ironically, even security updates."

You don't think the above is worrisome? If they can upload system Data files, security patches, etc., they can upload malicious ones, can't they?

 

[BornAgainMac]

This is a real timesaver, thanks.

 

[Mac32]

Is there anything good about High Sierra?

One thing are these really embarrassing gaffs and bugs, and overall sloppy work by Apple. An even more important issue is how High Sierra feels more slow than Sierra, even though this OS' main point was polishing and fine-tuning the last OS.

PS: What about some new Macs? The latest Intel desktop CPUs have been out for half a year, and there are new AMD GPUs available. Still we're left with the current iMacs, which are quite expensive even though they don't use last generation hardware.