macOS High Sierra's App Store System Preferences Can Be Unlocked With Any Password [Updated]

[Tech198]

This makes two security holes. First the blank password for root access, and this one..

I get this will be patched quickly.

My only thinking is, i am even more glad i stuck with 10.12.6.

Defiantly a steady decline. You can keep saying "its a bug" over and over to try and make it feel better, but how far can you take this before you start admitting to yourself. based on history?

At one point, you gotta start believing something else, otherwise u'r just fooling yourself.

 

[cmaier]

I’d rather this error than Microsoft’s pulling of the Spectre and Meltdown fix update because it bricked computers with AMD chips.

Apple's released OS updates that have bricked devices, too. No one is immune.

I think it's fair to hold Apple to a higher bar - we pay for the privilege.
[doublepost=1515617681][/doublepost]

I’d rather this error than Microsoft’s pulling of the Spectre and Meltdown fix update because it bricked computers with AMD chips.

And don't forget that Apple's fix update for the prior "root password" bug also had to be pulled because it made external disks stop working.

 

[Minas]

No, you have to enter a password, but it can be anything.

Ironically it works even without entering a password.

 

[Tech198]

"It's worth noting that the App Store preferences are unlocked by default on administrator accounts"

That's only if the user hasn't checked "Require system password" under System Preferences > Security & Privacy > Advanced.

 

[Martyimac]

No, you have to enter a password, but it can be anything.

AND it doesn't need anything, just tried and leaving the password blank works also.

 

[Zwhaler]

Wow, Apple have become a real mess. They tout themselves as valuing user privacy and security, yet they seem to be the ones handing out the keys themselves!

Seems like they tout the privacy aspect as it applies to selling new iPhones (Face ID) and the Touchbar ID on the MBPs... and other things that sell the products they care about most. MacOS gets sent close to back of the line for Apple's priorities on really important QC such as the password debacles of late.

 

[guzhogi]

I'm on 10.13.2 and it worked for me

I haven't read all the comments, but the ones I did read makes it look like it may be limited to 10.13.2. Kind of weird

 

[Rob_2811]

I don't see that at all. iOS 11 has been great for me since around beta 3, even better on the iPad. Runs great on my X and iPad Pro 10.5.

Its working for you thats great but it hasn't been without its issues

https://www.theverge.com/2017/12/2/16727112/iphone-crash-bug-december-2nd-2017

http://bgr.com/2017/11/28/ios-11-autocorrect-bug-how-to-fix/

 

[jgdeschamps]

That's why I'm still on Snow Leopard in my 2008 iMac for my personal stuff at home. It barely supports today's internet. How's that for security?



(It's sarcasm, or course...)

 

[kotopro]

I'm not sure if anyone knows this but...

The current VP of Security for Apple came from Blackberry. He was the head of software operations for QNX.

Echos of the past?

 

[BorderingOn]

Unreal, maybe focus less on retail store trees and more on stuff like this

Because the software developers have been coding store trees??

 

[chrfr]

That's only if the user hasn't checked "Require system password" under System Preferences > Security & Privacy > Advanced.

Which again is not a default setting. (It probably should be, however.)

 

[techno-Zen]

Because the software developers have been coding store trees??

Leadership focus

 

[kidaje]

Apple and Security... is like google and privacy

 

[Seppentoni]

Oh Boy. After the root disaster and now this I wonder what other bugs under the hood there are. And they are probably much more serious than this.

 

[Martyimac]

Oh Boy. After the root disaster and now this I wonder what other bugs under the hood there are. And they are probably much more serious than this.

I agree, waiting for the next boot to drop.

 

[BorderingOn]

Leadership focus

I'm betting those two parts of the organization each have their own management. That everyone blames Tim for every defect is ridiculous. Hopping on the bandwagon for a defect like this is silly.

 

[Delgibbons]

And people trust Apple to design secure ARM processors?!

They're basically as bad as Intel with these breaches.... first the root one now this

 

[AndyMacAndMic]

I’d rather this error than Microsoft’s pulling of the Spectre and Meltdown fix update because it bricked computers with AMD chips.

Yes and that error happened because AMD provided Microsoft with the wrong documentation about those CPU's. It is always easy to blame Microsoft first I suppose.

 

[Delgibbons]

Yes and that error happened because AMD provided Microsoft with the wrong documentation about those CPU's. It is always easy to blame Microsoft first I suppose.

Yes. That was an AMD cockup not Microsoft.

I don't trust AMD. One of my graphics chips died in a laptop and an ATI disk controller gave up the ghost. Shoddy and in my experience; Drivers are poor as well. Wouldn't touch them with a bargepole.

 

[macTW]

Yes and that error happened because AMD provided Microsoft with the wrong documentation about those CPU's. It is always easy to blame Microsoft first I suppose.

It is always easy to blame other for Microsoft’s mistake I suppose. Apple doesn’t push updates to devices their updates aren’t designed for.

 

[Glideslope]

I think it's fair to hold Apple to a higher bar - we pay for the privilege.

Absolutely.

 

[AndyMacAndMic]

It is always easy to blame other for Microsoft’s mistake I suppose. Apple doesn’t push updates to devices their updates aren’t designed for.

I repeat: AMD gave Microsoft the wrong information about those CPU's.

What is there not to understand? Microsoft can't possibly test all the configurations and devices Windows is running on. Apple can because they provide the hardware and the software.

 

[Phonephreak]

THIS WILL BE THE END OF THE WORLD!

WHAT HAS HAPPENED TO APPLE LATELY!? IF SOMEONE HAD ACCESS TO MY MACHINE THEY COULD CHANGE A COUPLE FAIRLY MEANINGLESS APP STORE PREFERENCES!!!!

This isn’t a big deal but what’s next?

 

[Delgibbons]

It is always easy to blame other for Microsoft’s mistake I suppose. Apple doesn’t push updates to devices their updates aren’t designed for.

It's not Microsoft's job to babysit AMD if they don't even know THEIR OWN PROCESSOR SPECS.

After investigating, Microsoft has determined that some AMD chipsets do not conform to the documentation previously provided to Microsoft to develop the Windows operating system mitigations to protect against the chipset vulnerabilities known as Spectre and Meltdown.

https://www.google.co.uk/amp/s/arstechnica.com/gadgets/2018/01/bad-docs-and-blue-screens-make-microsoft-suspend-spectre-patch-for-amd-machines/?amp=1