Another password bug has been uncovered in macOS High Sierra, and while it’s not nearly as serious as the one which cropped up late last year, it’s still highly embarrassing for Apple as the new year kicks off.
As the Register reports, developer Eric Holtam found the flaw which lies in the App Store settings under System Preferences – assuming the owner of the Mac has instigated a password requirement here. If you attempt to make changes here, a password is requested, but the kicker is you can type in any password and it will work.
This is just one corner of the operating system, of course, and more to the point, you need to be logged in with admin rights already (so a would-be abuser of the flaw would need to find a computer that has been logged in by the owner of the account and subsequently left unattended). But if that’s the case, the settings panel password prompt is about as useful as the proverbial chocolate fireguard.
There have also been claims that this particular bug may affect some other settings panels, too.
Really, this isn’t a particularly serious bug or anything much to worry about. It’s just that it reflects badly on Apple because it gives the impression – or rather, reinforces the impression, given last year’s fracas – of rather shoddy testing and checking procedures when it comes to pushing out new builds of its desktop operating system.
As we concluded in our 2017 ‘report card’ for Apple, the one thing the company doesn’t need is to make further mistakes on the security front this year. But if one of Apple’s New Year’s resolutions was indeed to avoid silly security slipups like easily bypassed password prompts, the firm appears to have fallen at the first hurdle.
It seems that Apple needs to tighten up some aspects of its operation when it comes to software QA, for sure.
That said, in terms of keeping a balanced perspective, when it comes to the really big threat that has emerged at the beginning of 2018 – Meltdown and Spectre – Apple has been pretty swift to move.
It had already released ‘mitigations’ for Meltdown when news of these two huge bugs broke last week, and this week, the company also patched macOS against Spectre with an update for High Sierra 10.13.2.