Hackersonlineclub confirmed the Bug after reproducing it by self.
First report was submitted on Open Radar that has revealed the biggest Security flaw in MacOS High Serra current version. The Bug allows the App store menu in System preferences to be unlocked with any kind of password. Shocking! but its True.
Step to Reproduce
- Click on your System Preferences
- Click on App Store
- Enter your Username and any password (123456 or xyz)
It is easy to exploit when the user is logged in to a Mac OS with administrator privilege. Cyber criminals can take advantage of this flaw.
In September, a security researcher found the exploit to snag plaintext password from Keychain. It is the second time a login bug has been found after the security flaw was discovered in November, which was allowing to login to a Mac by typing ‘root’ as user name with no password.
Apple haven’t commented about this bug yet but we are expecting that it should be fixed with the upcoming MacOS 10.13.3 version.