macOS App Store Preferences Open With Any Password

6 years ago

January 11, 2018 at 7:30 am

This is one of those security bugs that is dumb rather than dangerous. On macOS 10.13.2, the App Store preferences can be unlocked using any password. It’s not a massive security problem but points to a bigger issue.

A bug report at Open Radar describes the issue and how to reproduce it. Basically, if the preference pane for the App Store is locked, entering any password will unlock it.

The impact is small as it’s only preferences for one application and, to get to it, you need to log into the operating system – and that password layer seems just fine.

But, what it indicates is a lack of testing when new releases are pushed out.

Given security is such a big deal, this is an embarrassing gaffe the company can ill afford at a time when security issues dominate the technology industry.

I suspect the list of items that get regression tested when Apple releases a new version of their software just got a little longer.

Comments

2 responses to “macOS App Store Preferences Open With Any Password”

READ THE COMMENTS

darren

January 11, 2018

This is sort of bad coming after the bug letting anyone log into a Mac with the username root and a blank password.

MS isn’t really a whole lot better, their 6 month rapid release schedule is missing stuff all the time too.

Log in to Reply
da user

January 11, 2018

From the link:
“Summary:
The AppStore Preferences in System Preferences can be unlocked by a local admin with any bogus password.
Steps to Reproduce:
1) Log in as a local admin
2) Open App Store Prefpane from the System Preferences
3) Lock the padlock if it is already unlocked
4) Click the lock to unlock it
5) Enter any bogus password”

You need to log in as the local admin for this to work. If you have the local admin password to log in, you’d be able to get access to the padlocked content regardless of whether this bug was there or not.

Log in to Reply
mpschaefer

January 11, 2018

My system was so secure I had to first lock the App Store preference pane to check, but yep type any old garbage in and it unlocks.

Not sure I’ll loose any sleep over it…

Log in to Reply

Planning Your Euro Summer? Here’s 6 Apps to Help You Plan the Trip of a Lifetime

TPG Has Changed the Prices for Almost All of Its NBN Plans

Everything You (Probably) Didn’t Know Your Xbox Series X Could Do

Wrap Me in ALDI’s $30 Heated Winter Travel Blanket

Use the ‘365 Less Things’ Method to Declutter Your Home

TPG Has Changed the Prices for Almost All of Its NBN Plans

Wrap Me in ALDI’s $30 Heated Winter Travel Blanket

JB Hi-Fi Is Clearing Out Games For As Little As $2

Amazon Australia Beauty Week Sale: 24 of the Best Products to Shop

Don’t Pay More Than $65 With These Cheap NBN 50 Plans

macOS App Store Preferences Open With Any Password

Comments

2 responses to “macOS App Store Preferences Open With Any Password”

Leave a Reply Cancel reply