Stop us if you’ve heard this one: Apple’s password protection in macOS can be thwarted

An Apple developer has uncovered another embarrassing vulnerability in macOS High Sierra, aka version 10.13, that lets someone bypass part of the operating system’s password protections.This time, a vulnerable dialog box was found in the System Preferences panel for the App Store settings. The bug, reported by developer Eric Holtam to the Open Radar bug tracker, has since been verified by Mac-toting netizens.The bug allows a user logged in with admin rights (this is important to note) to get around the password requirement when making changes in the App Store settings panel. Open the App Store settings panel, click on the padlock to make changes, a password prompt pops up, type in any string of text, and the “password” is accepted, unlocking the preferences panel.Aaron Lint, veep of research at infosec biz Arxan, claimed the trick can also be used to bypass the login requirements for some other settings panels as well, but not the important “Users and Groups” and “Security and Privacy” controls.

Source: Stop us if you’ve heard this one: Apple’s password protection in macOS can be thwarted • The Register

Robin Edgar

Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft

 robin@edgarbv.com  https://www.edgarbv.com