After the high profile discovery of the security hole that allowed users to bypass the login for macOS, its now the System Preferences app that has been found accessible using any password.
Apple’s Mac OS Sierra is in the news again thanks to another security loophole that has come to the fore. This time, it is the App Store System Preferences that has been found to be accessible to anyone using any password. This, when it is the system password that should have been the only key granting access to the privileged section.
The discovery no doubt brings back memories of the infamous bug that allowed anyone with root access to a device to log in with the least of a hindrance. That happened to be too serious a flaw to have evaded scrutiny at Apple before making the OS version available to the public.
The present case is of much less severity though nonetheless, it is the last thing to be expected from mainstream OS used by millions of users. Apple is yet to respond but is likely to have already caught their attention and the fix already in the pipeline.
As has been revealed, the bug affects macOS, version 10.13.2 but can’t be reproduced with version 10.13.3. Maybe Apple already got aware of the loophole and applied the fix. No doubt they would have hoped it wouldn’t get discovered as well and save them the embarrassment of having to deal with another security hole with the macOS within just months.
Unfortunately, that is not how things have panned out. As for the bug itself, here is how users can recreate the scenario. Things start with the System Preferences app > App Store. There, any password entered will work, which surely isn’t the way it should be working.
See Also: Rumor: Apple can acquire Netflix for $220bn.
However, while it is good to see the bug fixed in macOS 10.13.3, it still isn’t clear when it is going to be launched. Maybe, Apple will push for an early release now that report of the bug has already reached the public domain coupled with another PR exercise to help instill user’s faith on the OS.