MacOS 10.13 High Sierra’s App Store System Prefs Panel Can Be Unlocked With Any Password

This one is relatively low stakes:

  • These settings are unlocked by default for admin users.
  • Entering a bogus password only works if you’re logged in as an admin user.
  • The settings in this panel aren’t particularly sensitive.
  • It’s apparently already fixed in the current High Sierra developer betas.

But, still, this is embarrassing given what we just went through with the very serious root-access-with-no-password bug. As a wise man once said, “Fool me once, shame on… shame on you. Fool me… You can’t get fooled again.”

Wednesday, 10 January 2018