A security expert discovered a new vulnerability in macOS High Sierra that could be exploited by users logged in as admins to unlock the App Store preferences in System Preferences by providing any password.
The vulnerability was reported by Eric Holtam and affects the latest version, macOS 10.13.2. The issue doesn’t affect non-admin accounts, which must provide correct credentials to unlock the App Store preferences.
The steps to reproduce the issue and gain access to change the App Store preferences are:
Holtam highlighted that the issue doesn’t affect other system preferences panels (i.e. system preferences).
The flaw has a limited impact because it can only be triggered by admins. Still, anyone with physical access to a machine left unattended by a user logged in as an admin can exploit the vulnerability.
Apple has already issued a security patch in the latest beta version of macOS High Sierra (10.13.3), and the problem will be addressed in a future update for stable versions.
In November, an authentication bypass issue was publicly disclosed via Twitter by the developer Lemi Orhan Ergin. The flaw in macOS High Sierra allowed gaining root access to a machine with no password.
(Security Affairs – macOS High Sierra, hacking)