MacRumors
All >
Guides
FaceTime

Everything you might want to know about FaceTime.

How to Clean and Sanitize your iPhone

Washing your hands is only going half way. You should also clean your iPhone regularly.

How to Group FaceTime

Many people are stuck at home, away from friends and family. Apple's FaceTime can video chat with up to 32 to people at once.

How to Clean Your Keyboard, Trackpad and Mouse

Same goes for your Mac. You touch it every day, so you should keep it clean.

iOS 13 Battery Tips
iPhone
Night Mode (iPhone 11)
iPhone 11 vs iPhone 11 Pro
iPhone 11 vs iPhone XR
iOS 13: Hidden Features
See more guides
Upcoming
iPhone 12
September 2020

Four new phones in three sizes expected with 5G and new AR capabilities.

iPhone SE 2
Early 2020

Low-cost device similar to iPhone 8 but with upgraded internals such as latest A13 chip.

MacBook Pro
Early 2020

Updated 13-inch model with the redesigned scissor keyboard expected.

AirTags
2020?

Apple is working on a Tile-like Bluetooth tracking device that's designed to be attached to items like keys and wallets for tracking purposes, letting you find them right in the Find My app.

iOS 14
Foldable iPhone
See full product calendar

macOS High Sierra's App Store System Preferences Can Be Unlocked With Any Password [Updated]

Wednesday January 10, 2018 7:42 am PST by Joe Rossignol

A bug report submitted on Open Radar this week has revealed a security flaw in the current version of macOS High Sierra that allows the App Store menu in System Preferences to be unlocked with any password.


MacRumors is able to reproduce the issue on macOS High Sierra version 10.13.2, the latest public release of the operating system, on an administrator-level account by following these steps:

• Click on System Preferences.
• Click on App Store.
• Click on the padlock icon to lock it if necessary.
• Click on the padlock icon again.
• Enter your username and any password.
• Click Unlock.

As mentioned in the radar, we can confirm that the App Store preferences login prompt does not accept an incorrect password with a non-administrator account, meaning there is no behaviour change for standard user accounts.

We also weren't able to bypass any other System Preferences login prompts with an incorrect password, with any type of account, so more sensitive settings such as Users & Groups and Security & Privacy are not exposed by this bug.

Apple has fixed the bug in the latest beta of macOS 10.13.3, which currently remains in testing and will likely be released at some point this month. The bug doesn't exist in macOS Sierra version 10.12.6 or earlier.

On the current macOS 10.13.2, the bug gives anyone with physical, administrator-level access to a Mac the ability to disable settings related to automatically installing macOS software, security, and app updates.

This is the second password-related bug to affect macOS High Sierra in as many months, following a major security vulnerability that enabled access to the root superuser account with a blank password on macOS High Sierra version 10.13.1 that Apple fixed with a supplemental security update.

Following the root password vulnerability, Apple apologized in a statement and added that it was "auditing its development processes to help prevent this from happening again," so this is a rather embarrassing mishap.

We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.

It's worth noting that the App Store preferences are unlocked by default on administrator accounts, and given the settings in this menu aren't overly sensitive, this bug is not nearly as serious as the earlier root vulnerability.

Apple will likely want to fix this bug sooner rather than later, so it's possible we'll see a similar supplemental update released at some point, or perhaps it will fast track the release of macOS High Sierra version 10.13.3. Apple did not immediately respond to our request for comment on this matter.

In the meantime, if you keep your App Store preferences behind lock, you'll want to be more diligent in ensuring that you log out of your administrator account when you are away from your Mac. Alternatively, until macOS 10.13.3 is released, users can use a standard account rather than an administrator one.

While this bug isn't as dangerous as the root password vulnerability, being able to bypass a login prompt with any password is something that obviously shouldn't be possible and is an embarrassing oversight for Apple.

Tag: Mac App Store

Top Rated Comments

(View all)
Avatar
Crosscreek
29 months ago
Oh Apple....Lol

It just works....for anybody.
Score: 99 Votes (Like | Disagree)
Avatar
OldSchoolMacGuy
29 months ago
THIS WILL BE THE END OF THE WORLD!

WHAT HAS HAPPENED TO APPLE LATELY!? IF SOMEONE HAD ACCESS TO MY MACHINE THEY COULD CHANGE A COUPLE FAIRLY MEANINGLESS APP STORE PREFERENCES!!!!
Score: 42 Votes (Like | Disagree)
Avatar
shareef777
29 months ago
Passwords: now optional!
Score: 42 Votes (Like | Disagree)
Avatar
Darryl.Jenks
29 months ago
Wow. Just wow.
Score: 37 Votes (Like | Disagree)
Avatar
techno-Zen
29 months ago
Unreal, maybe focus less on retail store trees and more on stuff like this
Score: 33 Votes (Like | Disagree)
Avatar
Chupa Chupa
29 months ago
A tad bit disturbing because it's so blatant and Apple has stated security is a feature of its products. These type of basic omissions belie its claims. Feels like Mac OS is becoming Windows with all these security patch updates. Maybe Apple needs to slow down here a bit and get back to basics.
Score: 30 Votes (Like | Disagree)
Read All Comments

Top Stories

Apple Releases iOS and iPadOS 13.4 With New Mail Toolbar, iCloud Folder Sharing, Trackpad Support for iPad and More

Tuesday March 24, 2020 9:56 am PDT by Juli Clover
Apple today released iOS and iPadOS 13.4, the latest major updates to the iOS 13 operating system that was released in September. iOS and iPadOS 13.4 come two months after the release of iOS and iPadOS 13.3.1 with Screen Time Communication Limits. The iOS and ‌iPadOS‌ 13.4 updates are available on all eligible devices over-the-air in the Settings app. To access the updates, go to...
Read Full Article193 comments

Apple Releases macOS Catalina 10.15.4 With Screen Time Communication Limits and Real-Time Apple Music Lyrics

Tuesday March 24, 2020 10:21 am PDT by Juli Clover
Apple today released macOS Catalina 10.15.4, the fourth update to the macOS Catalina operating system that was released in October. macOS Catalina 10.15.4 comes a couple of months after the release of macOS Catalina 10.15.3. macOS Catalina 10.15.4 can be downloaded from the Mac App Store for free using the Update feature in the System Preferences app. The macOS Catalina 10.15.4 update...
Read Full Article164 comments

Hands-On With Apple's New Smart Keyboard Folio for the 2020 iPad Pro Models

Tuesday March 24, 2020 12:38 pm PDT by Juli Clover
Apple last week introduced new 11 and 12.9-inch iPad Pro models, which are set to arrive in the hands of customers starting this week. Apple introduced a nifty new Magic Keyboard with trackpad alongside the new iPad Pro models that's coming in May, but it also debuted a new Smart Keyboard Folio, which is available now. We picked up the Smart Keyboard Folio for the designed for the 2020 iPad...
Read Full Article44 comments

Apple Helps Source Over 10 Million N95 Masks for Healthcare Providers in the U.S.

Wednesday March 25, 2020 10:25 am PDT by Juli Clover
Apple over the weekend announced plans to donate millions of N95 masks to hospitals in the United States and Europe, and according to Apple CEO Tim Cook, Apple has been able to source more than 10 million N95 masks in the U.S. and millions more in Europe. Apple CEO Tim Cook said on Saturday that Apple was aiming to donate supplies to healthcare providers fighting COVID-19, and clarified...
Read Full Article50 comments

Apple Considering Delaying iPhone 12 Launch 'by Months'

Wednesday March 25, 2020 12:51 pm PDT by Juli Clover
Apple is preparing to delay the launch of the 2020 iPhones expected to be equipped with 5G technology, according to sources with knowledge of Apple's plans that spoke to Japanese news site Nikkei. Apple has reportedly held internal discussions about the possibility of delaying the launch "by months" over fears of how well iPhones would sell in the current situation, and supply chain sources...
Read Full Article132 comments

2020 iPad Pro Unboxing Videos and First Impressions

Tuesday March 24, 2020 5:34 am PDT by Joe Rossignol
Apple last week introduced new iPad Pro models with an similar performing A12Z Bionic chip, an Ultra Wide camera for 0.5x zoom, and a LiDAR Scanner for enhanced augmented reality. The new iPad Pro models will begin arriving to customers and go on sale at select stores starting tomorrow, and ahead of time, the first unboxing videos have surfaced. The new iPad Pro models will be compatible with A...
Read Full Article65 comments

Hands-On With the New 2020 12.9-Inch iPad Pro

Wednesday March 25, 2020 2:10 pm PDT by Juli Clover
Apple last week announced new 11 and 12.9-inch iPad Pro models, and as of today, the new iPads are arriving to customers. We picked up one of the new 12.9-inch models and checked it out to see just what's new and whether it's worth buying. Subscribe to the MacRumors YouTube channel for more videos. When it comes to design, the new iPad Pro models are identical to the 2018 iPad Pro models, but ...
Read Full Article123 comments

Mobile Networks in Multiple Countries Display 'Stay Home' Message When Users Connect to Cellular Instead of WiFi

Tuesday March 24, 2020 3:46 pm PDT by Juli Clover
iPhone users in several countries who disconnect from WiFi on their devices will see a "Stay Home" message at the top of the Control Center where cellular network information is displayed. Image via Matt Navarra According to reports on Twitter, the status bar messages are showing up in countries that include Germany, Belgium, United Arab Emirates, Peru, Turkey, India, Luxembourg, Romania,...
Read Full Article99 comments

Apple Releases tvOS 13.4 for Fourth and Fifth-Generation Apple TV Models

Tuesday March 24, 2020 9:53 am PDT by Juli Clover
Apple today released tvOS 13.4, the third major update to the tvOS operating system that runs on the fourth and fifth-generation Apple TV models. tvOS 13.4 comes a couple of months after the release of tvOS 13.3.1. tvOS 13.4, a free update, can be downloaded over the air through the Settings app on the Apple TV by going to System > Software Update. Apple TV owners who have automatic software ...
Read Full Article28 comments

Benchmarks Suggest New iPad Pro's A12Z Chip is Nearly Identical to A12X in 2018 iPad Pro

Monday March 23, 2020 7:18 pm PDT by Juli Clover
One of the new 2020 iPad Pro models equipped with an A12Z chip arrived early to a Reddit user, who did some benchmarking tests to see how it performs. In a Geekbench 5 test, the 11-inch 2020 iPad Pro earned a single-core score of 1114 and a multi-core score of 4654, which is close to the Geekbench scores of the 11-inch iPad Pro from 2018. The 11-inch iPad Pro has an aggregate single-core G...
Read Full Article184 comments
Mac RumorsMac Rumors

 

MacRumors attracts a broad audience of both consumers and professionals interested in the latest technologies and products. We also boast an active community focused on purchasing decisions and technical aspects of the iPhone, iPod, iPad, and Mac platforms.

Advertise on MacRumors


Our Staff

Arnold Kim
Editorial Director
EmailTwitter
Eric Slivka
Editor in Chief
EmailTwitter
Juli Clover
Senior Editor
EmailTwitter
Joe Rossignol
Editor
EmailTwitterGoogle+
Marianne Schultz
Editor
EmailTwitter
Dan Barbera
Video Content Producer
EmailTwitter
Mitchel Broussard
Contributing Editor
EmailTwitter
Tim Hardwick
Contributing Writer
EmailTwitter
Chris Jenkins
Contributing Writer
EmailTwitter
Steve Moser
Contributing Writer
EmailTwitter

Links

Touch Arcade
SwitchArcade Round-Up: The Latest Nintendo Direct Brought Surprises, ‘Saint’s Row IV: Re-Elected’ and Today’s Other New Releases, the Latest Sales, and More
‘Disgaea 1 Complete’ on iOS and Android Is Discounted for the First Time
The Big ‘Hearthstone’ 17.0 Update with the Demon Hunter Class, Duplicates Protection, Ranked Improvements, and More Is Finally Live on Mobile
GameClub Expands Family Sharing to 12 Members Per Subscription and Announces a TON of Games Coming this Spring
SwitchArcade Round-Up: ‘Mekorama’, ‘One Step From Eden’, and Today’s Other New Releases, the Latest Sales Featuring ‘Flinthook’ and More
‘Missile Command: Recharged’ from Atari Is Out Now on iOS and Android for Free to Celebrate the 40th Anniversary of the Series
‘Call of Duty: Mobile’ 1.0.11 Is Now Live Bringing Support for the Next Season ‘Steel Legion’, New Maps, New Ranked Season, and More
Freebie Alert: The ‘Holy Potatoes!’ Simulation Games Series from Daylight Games Is Free for a Limited Time on iOS
YouTube
NEW 2020 MacBook Air Hands-On & First Impressions
NEW iPad Pro Hands-On & First Impressions
Apple's New Smart Keyboard Folio for the 2020 iPad Pro!
Apple Releases iOS & iPadOS 13.4: Here's What's New!
New iPad Pro with Magic Keyboard, Updated MacBook Air, iPhone 12 Rumors, and More!
Copyright © 2000-2019 MacRumors.com, LLC.
Privacy / DMCA contact / Affiliate and FTC Disclosure
[ Featured On/Off ] [ Full Articles On/Off ] [ Fluid | Fluid HD ] [ Auto | Light | Dark ]