Researchers uncover major macOS High Sierra password bug

Apple's latest version of macOS High Sierra has a security flaw that allows anyone to unlock the App Store pane in System Preferences with virtually any password, researchers have found.

The bug has already been fixed in the OS’s latest beta version, 10.13.3, which is still in testing and should go live before the end of January. Earlier versions don’t seem to have this flaw.

According to MacRumors, here’s how you can get it done:

Bring up System Preferences >> App Store >> Click on the padlock icon to lock it >> Click on the padlock again >> Enter your username and any password >> Click unlock.

The App Store preferences login prompt doesn’t accept incorrect passwords with regular accounts, so you’ll need admin access, and it appears that the username always has to be correct.

A similar flaw was uncovered back in November, when reports surfaced that one could gain access to the root super user account with a blank password.

Back then, Apple apologised, saying it was "auditing its development processes to help prevent this from happening again," making the entire situation somewhat awkward.

“We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again,” it said.

Image source: Shutterstock/scyther5