Users can access the App Store preference panel by entering any password
Apple’s current version of macOS High Sierra again becomes the victim of security vulnerability. This time it's the App Store menu in the system preference spotted by the Macrumors on the Open Radar. The bug lets the user login to the App store preferences by entering any password with the username. This is the second time when the Apple’s operating system has been pointed for having system vulnerability in months.
In order to check the flaw, you need to have a Mac device with macOS High Sierra version 10.13.2, the latest public release accessed via the administrative account. Then follow the below-given steps
Go to the System Preference
Click on the App Store
Now, click on the padlock icon to lock if isn't.
Click again on the padlock icon
Enter the Username and any Password
Click on the unlock
Once you hit the unlock tap the system will grant the access to the App Store preference, doesn't matter what password you have entered. With the access to an App Store settings panel, one can enable or disable the automatic downloads, installation of the app and the updates of the operating system. However the threat is not much severe security risk compared to the root login bug or Meltdown and Spectre flaw but still, it puts a question on Apple’s security login structures. In addition to this if someone has the access to your system they can even disable the automatic updates and can leverage the available vulnerabilities.
The bug won't work if you try to bypass the security login for App Store preference with any non-administrative account which means the more sensitive security aspects aren't exposed to the bug. Apple has already fixed the bug in the latest beta version of macOS High Sierra 10.13.13 and the bug isn't available in macOS Sierra version 10.12.6 or earlier. On the macOS High Sierra, the App Store settings are unlocked by default, but some of the users with more security concern could have locked it.
Although the bug isn't as serious as the root login, Apple is still working to fix the bug sooner than later. In that case, we may expect the release of macOS High Sierra 10.13.3 much sooner. In the meantime, Apple also needs to make sure that its security aspects are free from any possible vulnerabilities and don't need to push embarrassing fixes.
She is a content marketer and has more than five years of experience in IoT, blockchain, Web, and mobile development. In all these years, she closely followed the app development, and now she writes about the existing and the upcoming mobile app technologies. Her essence is more like a ballet dancer.