MacOS High Sierra's App Store System Preferences Can Be Unlocked With Any Password

macOS High Sierra's App Store System Preferences Can Be Unlocked With Any Password

A bug report submitted on Open Radar this week has revealed a security flaw in the current version of macOS High Sierra that allows the App Store menu in System Preferences to be unlocked with any password.

openradar.appspot.com/36350507

Other urls found in this thread:

support.apple.com/en-ca/HT208394
apple.stackexchange.com/questions/312294
reddit.com/r/apple/comments/7qf4or/yet_another_security_bug_macos_high_sierra/
imore.com/iphone-crashing-dec-2-heres-fix
twitter.com/SFWRedditVideos

Is this supposed to be a feature?

Who cares? No macos users here.

the login just werks man, it's a feature

hmmm

How to log in as local admin on MacOS:
1) Click on 'Show Password Hint'
2) Copy hint into password textfield

Ooops sorry. I meant to say this:
1) Hit Enter with empty password until it works

Apple's back-end technology is usually pretty solid but clearly something is wrong with this release.
I guess that's why they named it High Sierra.

macOS user here, confirmed true

not a big deal, but makes you think about their code quality

...

Did anyone really expect that peice of shit to be secure?

I haven't updated yet because I'm lazy as fuck but it seems i'm dodged a bullet.

The problem was that this bug actually creates a local admin user even if one doesn't already exist.

I thought this was reported months ago.

That was a different bug that could be replicated by a non privileged user

I-I cannot control it anymore...
iFAGS BTFO

Jesus Christ Apple, this is at least the third dumb security fail you've had with High Sierra.


Wrong, I use it.

It seems they've all but abandoned MacOS, putting all their resources into iOS. Very odd though, considering the amount of cash they have on hand, they could build a very competent team. I should have known it was going downhill when they fired most of the kernel developers though.

when?
any links on this?

they'll soon be ARM only

Strange, I cannot find a source for you, but I definitely recall them downsizing the team and moving some into iOS. Hubbard is the most high profile one that worked on the OSX kernel but he left in 2013.


Especially if that "What's a computer?" ad is anything to go by.

Oh and, obligatory Apple fanboy internet defense response is pic related.

I wanted to see what the macfags on reddit were saying about this. Here's one from /r/macos, this is battered-wife syndrome.

Thats also about the same time OSX really started to go to shit. Mavericks was the start of the real shitshow and its been getting worse since. Now its like they are not even trying. They are slow to release updates and high priority things get botched.

10.4 was the high watermark and coincidentally it was the last release before they came out with iOS.

My bet is they just have a few pajeets limping it along until they switch to ARM.

Apple is moving Mac consumers from OS X to iOS. The Mac will die within a few years because Apple is killing it.

The Apple is rotten.

Seems so. I'm already dual booting a linux distro after the disastrous high sierra.

My employer sent out a notice that macfags should upgrade to High Sierra this week because of Meltdown.

This is ridiculous.

I'm pretty sure the Meltdown patches are backported to Sierra.

I am stopping at Sierra also. When things start to break from requiring High Sierra I'll move on to TrueOS or FreeBSD.

I was very tempted by both of those options, but figured linux would be smoother on a laptop.

...

But Apple is one of the top contributors to FreeBSD 12.

do you know de wey?

Apple also funded Clang. That let freebsd get rid of gcc.

This is like saying root can use passwd on any other user or see what is in their /home.

"admin" is superuser on OSX.

I'm buttfucking your shitty forced meme for luls and trolling violent leftist domestic terrorists.

proof?

I know de whey

HAHAHAHAJAHAHHAHAHAHAHAHAHAHAHAHAHAHAHHAHAHAHAHAHAHAHHAHAHAHAHAHAHHAHSHAHAHAHHAHAHAHAHAHAHAHAHHAHAHAHAHAHHAHAHAHAHAHAHAHHAHAHAHAHAHAHHAHAHAHAHAHHHAHAHAHAHAHAHHAHAHAHAH
LOLOLILILILILILILILILLLLLLLLOLOLOLOLOLOLOL

Do your own research. I also expect they'll patch El Capitan.

wew

Because it takes a second to confirm yourself.
support.apple.com/en-ca/HT208394

My mistake, it looks like only Spectre has been addressed for El Cap/Sierra, I would expect Meltdown to be patched for Sierra given the severity, but it does not appear to be patched yet.

Found another bug which is arguably worse than this
apple.stackexchange.com/questions/312294
tl;dr when the screen is locked, a snapshot of the screen (at the moment when it was not locked — may have some important data obviously) can be trivially seen by anybody who has a fraction of a second of physical access.

I'm happy to read these news because they mean Apple will be rotten in five years or less

But what should I do to make it also appear in the news articles or something?
AFAIK it's a new thing, and while it's not as devastating as the empty root password or password being put into the hint, it's still quite bad


but whatever, I already made the mistake of upgrading to High Sierra anyway

Spread it on the Apple subredit.

Sorry for sperging out, I unfortunately had to visit reddit for some information and your post reminded me of how those tards speak.

reddit.com/r/apple/comments/7qf4or/yet_another_security_bug_macos_high_sierra/
am I doing it right? I don't use reddit often

Apple is intentionally ruining the reputation of OSX and Macbook so they can discontinue the whole line and get everybody using iOS.

iOS cannot do what macOS can. the direct migration path is Ubuntu or fucking Windows.

For you. For the average normie, the phone is actually more powerful because you can easily take it anwhere for the purpose of taking a selfie.

Most normies can get along fine with just an iPad. What do they see as the biggest limitation for general use? Smaller screen and no real keyboard/mouse.

Holla Forums can't see it because we all need full blown computers but when you look at the industry the "Desktop" computer in the home is dead. Laptop sales are flat or falling.

Look at what the typical Mac users do. Word possessing, email, video streaming, social media. All shit that could be done on iOS with a tweaked UI on top of it.

spooky tbh

...

maybe, normies can.
but if apple wanted to ditch macos, they could simply kill it and be done, why not?.
also, I've heard that ios 11 is also a piece of shit, I cannot confirm because I never used or will use it, but that's what the web is mumbling.

Have you noticed that PDFs render atrociously on HS? On my machine (and it seems many others) the fonts are very blurry. The reason for it is apparently because they ported the iOS pdf renderer to the MacOS and the result is pure crap. If they're not able to fix it by 10.3.3 I'll probably wipe the OS off.

Looks OK but I am using RETINA™ DISPLAY™ so maybe it's not representative.
Are you testing with PDF file which has real text (as text) or a scanned image?
Anyway, the Preview is shit for image viewing and it always was. It fucking can't open several images to show them in order, it randomly breaks the order and/or opens in more than 1 window, arbitrarily choosing which image goes to which window. This is beyond unreasonable.
You also ave the choice of using a browser, nowadays most of them have embedded pdf.js which usually can handle PDFs without problems.

Yeah Retina display, and real fonts. The other popular PDF viewers all seem to use Apple's PDFKit, so display the same problems. I refuse to install Adobe software so Acrobat crapware is out of the question. Browser rendering is actually what I resorted to, but it's a pathetic work around.

Also, it's not just PDF issues. Apart from the lackadaisical approach to security, even things like Spotlight occasionally crash, and I've encountered a few issues where the machine does not wake from sleep. All of these issues seem to be fairly common in high sierra.

You either have the full power of a computer available to you or you have a glorified tv. Users can't get better if the whole system is locked down.

Wasnt there also a thing where you could unlock accounts by typing 'password' into the password field?

What the fuck apple, get your shit together.

Not even password, just typing anything worked. There was also the incident where it saved your full password as the password hint. It's like Apple put all the lowest IQ diversity hires into MacOS development. It's a shame, because I happen to like the OS (when it works), but they seem intent on ruining it.

...

Apple wants a closed system like iOS. If mac users run stuff that they got outside of the App Store then Apple sees that as a fault.
It is clear Apple doesn't give a shit about OSX and did a damn good job getting rid of the powermac users and old UNIX guys. They don't want power users they want consumers.
Replacing native OSX applications with ones ported from iOS is just the beginning.

I still struggle to believe how a company with the resources of Apple can put out something as retarded as the cylinder Mac Pro, emoji bar Macbook Pro or let models line languish for half a decade without updates. They might not have always been price or performance competitive depending on the chips at the time but at least it felt like they fucking tried back then.

Steve Jobs was the only thing holding them together. After he died it all went south as the company started being led by Pajeets.

Ya Jobs would never let Mac get to what it is today. Compared to the iPhone/iPad it's weak on profits but that never stopped him from sinking money and engineering in.

out of curiosity I checked their site, the trashcan hasn't been updated since release.
no worries though, the imac pro with it's starting price of only $4,999* will surely sell.

* configures up to $13,427. mfw

To be fair, the Powermac Cube was Jobs' baby and that was a retarded idea too. At least he wasn't stupid enough to replace the regular model with it though.

The cube didn't really catch on but the Mini did. Apple has sold tons of them but they are letting it die now. No update since 2014.

The Mini is the last good computer they have left. WTF

Holy shit, the top response you got (upvoted 174 times)


There's nothing wrong with this because it has been broken for a long time!!!! This is why even people who like Macs hate the Apple fanboy.

The mini is just low end specs in a small package and was their cheapest model. So of course it sold. Comparing it with the Cube is silly.

The Mini was what Apple customers actually want. The Cube is what Jobs thought they wanted. The MacBook Air is what Apple thinks their customers deserve.

Apparently so. They had some sort of bug last month where any notification would cause the system to crash if the date was December 2nd.
imore.com/iphone-crashing-dec-2-heres-fix

There goes my theory that MacOS sucks because of concentrated iOS development. Just what the fuck are they doing in that spaceship? I don't want to know.

Letting the hard to engineer macs rot for years and doing the absolute bare minimum with OS X is really starting to advance that switch to ARM rumor.

Everyone makes themselves admins when they turn their computers on for the first time.

cool