macOS High Sierra's App Store System Preferences Can Be Unlocked With Any Password [Updated]

[macTW]

“This is horrible! Apple is doomed”

I guess people forgot 1) a hacker would need your computer and 2) you’d have had to log them in to your admin account.

 

[M.PaulCezanne]

Apple spent $5 Billion on their new campus. How much have they spent on quality control?

What, they like nice stuff. A mere $4 Billion campus wouldn’t do justice to Eddy Cue’s 15 year old custom made metrosexual shirts.

 

[chrfr]

Quote: "The implications of this security vulnerability are arguably serious. Anyone with physical or remote access to your Mac could unlock the App Store preferences and enable or disable settings to automatically install macOS updates, app updates, system data files, and, ironically, even security updates."

You don't think the above is worrisome? If they can upload system Data files, security patches, etc., they can upload malicious ones, can't they?

I'd be more concerned that I somehow allowed a malicious person to walk up to my computer that is logged into an administrator account and do things to it without my knowledge.

 

[Stella]

I can see the sensational headline now. And all the android fanboys having brain aneurysms in the comments.

What has Android got to do with this?

Lots of Android owners use OSX.

 

[bmot]

MacOS High Windows

 

[PhillyGuy72]

Just wow! What a total mess they have been and it's a shame!

I'm on ElCapitan, no desire to upgrade to Sierra (not even sure how this aging Mac would handle it, only reason why I never upgraded) But after seeing so many bugs, security problems with High Sierra..you couldn't pay me to upgrade to that.

Only downfall with sticking to the older OS 10.11.6 is the lack of patches, security updates now. That latest patch a few days ago was simply an updated patched for Safari.

 

[Kabeyun]

So just asking the obvious question: if this is fixed already in the new betas, why is some Johnny-come-lately first submitting the bug this week?

 

[zorinlynx]

I don't understand why when a security flaw is found some @sshole has to go around and tell everybody about it. How about just making sure Apple knows and leave it at that? Jeez.

Because often they tell Apple about it, and Apple ignores them.

Whereas if the flaw is made public, Apple is suddenly very motivated to resolve the issue.

The fact that they don't have a bug bounty for MacOS (why have it for iOS and not MacOS, I'll never understand) probably also contributes to this.

 

[yaxomoxay]

Am I the only one thinking that this issue is not that serious?

It’s not serious as it won’t damage groups of users. However when a password is required the minimum expectation is that it works. The user’s expectations are not unreasonable. Obviously we know that every system is hackable, but this issue - which is not the first with this OS - is unacceptable because it does not meet the most basic expectations and it also burdens the user. Even a basic, uncrypted, If password == storedpassword then login(), where storedpassword is on a text file, would’ve been better than this.

 

[Jimmy Bubbles]

This is a non-issue on 10.13.3 (Public Beta). So if this really bothers you, you can essentially upgrade early.

 

[quaresma]

THIS WILL BE THE END OF THE WORLD!

WHAT HAS HAPPENED TO APPLE LATELY!? IF SOMEONE HAD ACCESS TO MY MACHINE THEY COULD CHANGE A COUPLE FAIRLY MEANINGLESS APP STORE PREFERENCES!!!!

Get a grip. Your sarcasm is not working.
I love my Apple products, but when stuff like this happens over and over again, I’m not defending them blindly like you

 

[lkrupp]

“This is horrible! Apple is doomed”

I guess people forgot 1) a hacker would need your computer and 2) you’d have had to log them in to your admin account.

And meanwhile Microsoft has had to pull its Meltdown and Spectre updates because it was bricking AMD based machines. Before that anti-virus software, even Microsoft’s own Defender package were causing BSODs on many Windows machines after applying the Meltdown and Spectre patches. But that’s no big deal.

 

[jkatzman89]

Plot twist - maybe Face ID has been built into all Macs with front facing cameras all along! Maybe High Sierra activated Face ID across the entire product line and instead of "any" password working, your Mac is instead scanning your face and letting you in!

Rolling out Face ID across all Macs this quietly takes real, true courage.

 

[MacFather]

Deleted.

 

[yaxomoxay]

“This is horrible! Apple is doomed”

I guess people forgot 1) a hacker would need your computer and 2) you’d have had to log them in to your admin account.

I guess people asking for a password - requires by Apple’s OS - to work is something strange?

And meanwhile Microsoft has had to pull its Meltdown and Spectre updates because it was bricking AMD based machines. Before that anti-virus software, even Microsoft’s own Defender package were causing BSODs on many Windows machines after applying the Meltdown and Spectre patches. But that’s no big deal.

Since when the missteps of another company/individual matter in the analysis of own’s missteps?

 

[jkatzman89]

Is there anything good about High Sierra?

Yeah, absolutely. iMessages in the iCloud......oh, wait.

 

[richpjr]

One more reason I chose to leave macOS in 2017. iOS is a much better platform for me moving forward. Has everything I need and a bright future ahead. We need a ground up rework of macOS - based on iOS.

While it's great that iOS works well for you, rewriting the desktop OS based on iOS would really suck as iOS is just way too limiting for a lot of people.

 

[chrono1081]

Non tech people: "ZOMG CRAPPLE IS HORRIBLE AND WE"RE GOING TO GET HAXEEED!"

Tech people: "Oopsy on Apples part, but no big deal since you'd need to be signed in as an admin in the first place."

EDIT: Also it appears all you can do is change if app/os updates install automatically, every other option requires you to reenter your iCloud password and won't accept just any password. This is pretty much a non-issue.

 

[kemal]

Not a super big deal. But you would think Apple would have tested EVERY PW dialog box going back to 10.11 after the root account debacle. Craig?

 

[BenTrovato]

Good old days, when everything worked like clockwork...

Haha yep. It was a good team. Today's isn't bad, but certainly isn't great.

 

[netwalker]

Bugs happen, but Apple is having a Microsoft Windows moment with High Sierra. What a PR nightmare (and rightly so).

Microsoft moments still look more like: Microsoft Patches Zero-Day Vulnerability in Office

Sixteen of the flaws resolved this month have been rated critical

 

[chrfr]

So just asking the obvious question: if this is fixed already in the new betas, why is some Johnny-come-lately first submitting the bug this week?

The person who filed the bug with Apple happened to stumble into it by accident. That doesn't mean someone else hadn't already done so, or that Apple internally found the regression that caused this, and fixed it without an external report.

 

[Return Zero]

This is so stupid that I’m starting to wonder if there is someone inside Apple actively trying to sabotage the company.

I was just about to make the exact same comment. One of these mishaps by itself would not surprise me. To have this many glaring issues in such a short timespan makes me question if they are not merely accidental.

 

[ignatius345]

The hits just keep coming.

 

[Sheza]

So when Apple had a bug that allowed root access via System Preferences, did nobody there think about doing some extensive QA on the entirety of System Preferences in case anything else is wrong with it?

Clearly not.