Fixed: macOS revealed a Security Flaw Can Be Unlocked with Any Password
Just less than two months ago, Apple users discovered a low serious security flaw in macOS again, that allowing anyone to log in with root access. Though Apple apologized and fixed it quickly, what happen to macOS these years with so many flaws exposed? Now users on Open Radar have found a similar (but far less severe) macOS password bug.
The vulnerability is also very simple, if you’re running macOS High Sierra, try this:
• Click on System Preferences.
• Click on App Store.
• Click on the padlock icon to lock it if necessary.
• Click on the padlock icon again.
• Enter your username and any password.
• Click Unlock.
No matter what passport you put in, the App Store preferences pane would be unlock. Moreover, you can use any password in iMac and MacBook Pro which running macOS High Sierra 10.13.2.
The bad news is that this is a really easy to replicate security vulnerability. The good news is that users running the 10.13.3 beta have not yet been able to reproduce the bug, so it’s probably fixed in that upcoming release.
Soon, following the root password vulnerability, Apple apologized in a statement and added that it was “auditing its development processes to help prevent this from happening again,” so this is a rather embarrassing mishap.
We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.
But the explosion of the flaw also leaves some questions to Apple about what’s going on with their systems. There are always low-level flaws, can we still trust macOS like we used to do?