This is one of those security bugs that is dumb rather than dangerous. On macOS 10.13.2, the App Store preferences can be unlocked using any password. It’s not a massive security problem but points to a bigger issue.
A bug report at Open Radar describes the issue and how to reproduce it. Basically, if the preference pane for the App Store is locked, entering any password will unlock it.
The impact is small as it’s only preferences for one application and, to get to it, you need to log into the operating system – and that password layer seems just fine.
But, what it indicates is a lack of testing when new releases are pushed out.
Given security is such a big deal, this is an embarrassing gaffe the company can ill afford at a time when security issues dominate the technology industry.
I suspect the list of items that get regression tested when Apple releases a new version of their software just got a little longer.
Leave a Reply
You must be logged in to post a comment.