Another password-related vulnerability on Mac: part of System Preferences in 'macOS High Sierra' can be accessed without a password


by Wesson Wang

A bug report published on "Open Radar" in January 2018 points out that there is a security vulnerability in "macOS High Sierra", the OS Apple provides for the Mac. Using this vulnerability, it is reportedly possible to access the App Store screen of System Preferences without a password.

macOS High Sierra's App Store System Preferences Can Be Unlocked With Any Password - Mac Rumors
https://www.macrumors.com/2018/01/10/macos-high-sierra-app-store-password-bug/

To reproduce it, first open "System Preferences" and select "App Store". Click the padlock icon at the bottom left of the window to lock it, then click it again. You are then prompted to enter your user name and password. Normally the lock cannot be opened without valid account information, but here it reportedly unlocks with an arbitrary password. This bug can be reproduced only with "macOS High Sierra 10.13.2", and it has already been fixed in "macOS High Sierra 10.13.3".


Using this vulnerability, it is possible to change the settings for password requests in the App Store, as well as the settings for OS and application updates. However, in the default configuration, the App Store pane in System Preferences is already unlocked.

As for macOS High Sierra, a vulnerability was found in November 2017 that allowed access to the administrator account without a password, and Mac Rumors describes the new vulnerability as a "second password related bug".

Vulnerability found that makes it possible to access the administrator account without a password in "macOS High Sierra", the latest OS for Mac - GIGAZINE


Regarding this vulnerability, Apple has issued a statement saying, "We are auditing the development process so that this will not happen again."

in Software, Security, Posted by logu_ii