Cementing January as the worst month of the year, at least for Apple, another bug has been uncovered in MacOS High Sierra. Although not particularly serious, it does reflect badly on the world's most successful company.
Eric Holtam, a Mac developer, posted the bug to OpenRadar on the 8th of January. He writes in the summary section, ‘The AppStore Preferences in System Preferences can be unlocked by a local admin with any bogus password.'
The bug appears exactly as stated. A local admin can enter their username and any password in the App Store section of System Preferences to unlock the menu.
We should note that these settings are unlocked by default on administrator accounts, as they aren't especially sensitive. Anyone with access can enable or disable settings related to automatically installing MacOS software, security and app updates.
High Sierra (10.13.2) appears to be the only vulnerable version of the OS at present; the vulnerability doesn't appear on MacOS 10.12.6 or earlier. Apple has apparently fixed it in the beta of MacOS 10.13.3, which is still being tested and will be released later this month.
The bug is nowhere near as dangerous as the root-access security flaw that was uncovered last year, whereby attackers could gain root access to MacOS computers by typing 'root' in the username field and leaving the password field blank. Attackers could use that particular vulnerability to install malicious programmes, delete Apple IDs and anything else that they wanted to do.
Then, on the 31st December, a researcher found a vulnerability in MacOS related to local privilege escalation that had gone unfixed for 15 years. Like the above, the flaw could be used to gain root permissions, although it was more difficult to do so.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago