A new vulnerability has been found in .13.2 that enables anyone with to your Mac to unlock App Store system preferences using any username and password as long as you are logged in as a local admin.

This means that if your account is an admin and you leave the machine unattended, anyone with malicious intent can change the App Store settings on the Mac without your knowledge.

The bug has been reported on Open Radar from earlier this week, the vulnerability enables any user to change the App Store system preferences with any password, in five steps or less:

“Steps to Reproduce:
1) Log in as a local admin
2) Open App Store Prefpane from the System Preferences
3) Lock the padlock if it is already unlocked
4) Click the lock to unlock it
5) Enter any bogus password”

According to Mac Rumors, Apple has fixed this issue in the latest beta of macOS 10.13.3, which currently remains in testing and will likely be published at some point this month. This issue doesn’t exist in macOS version 10.12.6 or earlier.

Users are not recommended to use a local admin account and make sure to lock the mac when it is not being used.

The following two tabs change content below.

is a professional pen-tester with over 9 years of IT experience a strong background in programming languages and application , ranging from network and system administration to exploit research and development. He reported various vulnerabilities for high profile companies and and was successfully acknowledged by them.

Source link


Please enter your comment!
Please enter your name here