Another Vulnerability Has Been Discovered In The Latest Version Of macOS High Sierra

Share if you likedShare on Facebook0Share on Google+0Tweet about this on TwitterShare on LinkedIn13

A new vulnerability has been found in macOS version 10.13.2 that enables anyone with access to your Mac to unlock App Store system preferences using any username and password as long as you are logged in as a local admin.

This means that if your account is an admin and you leave the machine unattended, anyone with malicious intent can change the App Store settings on the Mac without your knowledge.

The bug has been reported on Open Radar from earlier this week, the vulnerability enables any user to change the App Store system preferences with any password, in five steps or less:

“Steps to Reproduce:
1) Log in as a local admin
2) Open App Store Prefpane from the System Preferences
3) Lock the padlock if it is already unlocked
4) Click the lock to unlock it
5) Enter any bogus password”

According to Mac Rumors, Apple has fixed this issue in the latest beta of macOS 10.13.3, which currently remains in testing and will likely be published at some point this month. This issue doesn’t exist in macOS Sierra version 10.12.6 or earlier.

Users are not recommended to use a local admin account and make sure to lock the mac when it is not being used.

Share if you likedShare on Facebook0Share on Google+0Tweet about this on TwitterShare on LinkedIn13
The following two tabs change content below.

Eslam Medhat

is a professional pen-tester with over 9 years of IT experience bringing a strong background in programming languages and application security, ranging from network and system administration to exploit research and development. He reported various vulnerabilities for high profile companies and vendors and was successfully acknowledged by them.

Eslam Medhat

is a professional pen-tester with over 9 years of IT experience bringing a strong background in programming languages and application security, ranging from network and system administration to exploit research and development. He reported various vulnerabilities for high profile companies and vendors and was successfully acknowledged by them.

Leave a Reply