The latest macOS High Sierra has a gaping security hole that provides easy access to the App Store system settings, which unlocks using any password.
Gaining entry to the App Store System Preferences was made easy with the bug detected on macOS High Sierra version 10.13.2, courtesy of a report filed on Open Radar. In a recreated scenario, the bug will open the App Store to potential exploits in just a few steps. Users will simply need to log in as local admin, lock the padlock icon, and unlock it anew using a username and a random password.
However, the detected vulnerability is not the same as having root or superuser access. It appears too that Apple has already resolved the issue in the beta version of macOS 10.13.3, which is scheduled to roll out this January.
Cause For Concerns
It's possible too that the bug exists by design since the App Store System Preferences is unlocked by default when logged in with administrator privileges. This is so because the settings in the same menu are not seen as high-security risks.
The main cause of concern is the lack of a solid protective wall that will deny entry to Apple's vaunted and sophisticated operating system for personal computing. The App Store that is easy to crack seems unbecoming of Apple, a company that prides itself for having robust security protocol.
It's noteworthy, though, that in recent months, Apple was compelled to deal with nagging security lapses that put to question the integrity of its products and services, specifically the macOS.
Security researchers called out Apple last September 2017, when an exploit High Sierra was discovered that will allow would-be hackers to lift plaintext password from Keychain. Then in December, macOS was again the subject of vulnerability talks with security experts pointing to the so-called root login bug. The exploit will reportedly provide root access to machines running on High Sierra just by inputting "root" as username, with no password requirement.
These series of security faux pas on Apple's part served as a huge embarrassment for the company that normally responds in swift and resolved manner in matters of security.
This time around, the App Store having a door open for a potential compromise should serve as a gentle reminder for firm to review its OS updates. With better quality assurance system in play, it's more likely that bugs and exploits will be minimized or eliminated altogether during update releases.