Posted on January 12, 2018 at 7:07 AM
The latest macOS High Sierra security flaw marks the second major security issue discovered on the platform in the last three months.
Researchers recently discovered another major security flaw in macOS, the second unearthed in the space of three months. Earlier this week, a bug was reported on the Open Radar platform with a detailed description of an issue found in macOS High Sierra version 10.13.2. According to MacRumors, the flaw lets a user unlock the App Store menu in System Preferences with any password chosen at random. The whole process can be completed within five steps.
The bug report details that users can open System Preferences and navigate to the App Store settings. If the padlock icon is locked, users can unlock it by entering their Apple login credentials. However, the report notes that this login prompt also accepts incorrect credentials, provided that the user is logged in as the local admin.
Once the padlock is unlocked, users can manage a host of settings related to the App Store, including enabling or disabling automatic downloads and app updates, managing OS security updates, etc.
Granted, this issue is perhaps not as critical as the previously reported security flaw in macOS High Sierra. However, it can give a malicious attacker a way to weaken a victim’s device. By managing the victim’s security updates, for example, the attacker can ensure that the victim does not receive the latest software. The system could then be left vulnerable to bugs and malware that security patches would otherwise have addressed.
The bug report highlighted that this new discovery marked another embarrassing password-related flaw for Apple.
In November 2017, a critical security flaw was discovered in macOS High Sierra. The flaw enabled any individual to log into a device by simply using the word “root” as the username and a blank password. After entering these credentials, a user simply had to click the login icon several times for the login to succeed. The issue was later addressed in a security update.
The latest issue is reported to have been addressed in the latest beta version of macOS 10.13.3. According to MacRumors, this update will become available later in January.
Apple released an official statement in which it apologized to users for the latest security flaw and for the inconvenience and concern it may have caused. The tech giant added that it was launching an audit of its development process in order to release better software in the future.