Science

Another password flaw has been discovered in Apple's MacOS

Another password flaw has been discovered in Apple's MacOS

It doesn't look as though any other password protected settings can be accessed with an incorrect password, and luckily none of the settings in the App Store preferences pane are too sensitive, meaning that it's a lot less serious than the bug from November. A user would just need to log in as a local admin, click System Preferences, select App Store, click the padlock icon to lock it (if it's unlocked), click the padlock again to unlock it, enter any phony password, click Unlock, and voila. This allows you to change settings such as what updates to install, whether to install security updates, and more. An editor at The Verge tested this and confirms the bug exists.

First, an attacker would need to have physical access to the device itself and either have the administrator's password (which would allow them to make changes to the system even if the login requirement worked properly) or gain access while an administrator is already logged in.

Experts say it is limited to the App Store and presents a relatively limited security risk.

Alarming: A&E chiefs from 68 hospitals warn patients are 'dying prematurely'
Ruth Davidson has called on the First Minister to stop cutting hospital beds while Scotland is in the midst of a "flu crisis". The flu rate had also doubled the previous week, from just over 20 per 100,000 to 46 per 100,000.

But it looks like Tim Cook's crew has got a little sloppy recently as yet another bug has been found in macOS High Sierra that allows anyone with local administrator access to unlock the App Store menu in the OS System Preferences by using A bogus password. If it is unlocked, lock it and then try unlocking it using your username and any password.

The bug is nowhere near as risky as the root-access security flaw that was uncovered previous year, whereby attackers could gain root access to MacOS computers by typing "root" in the username field and leaving the password field blank. Apple later fixed the issue with a security update. Macrumors states that it can not reproduce the error on the beta versions of macOS 10.13.3, suggesting it'll be fixed in an upcoming release.

Apple's Mac password troubles aren't over yet. Our customers deserve better. "We are auditing our development processes to help prevent this from happening again", Apple said in a statement.