1 min read

How to protect your Mac from the "App Store password" bug

Filip TRUȚĂ

January 11, 2018

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
How to protect your Mac from the "App Store password" bug

Shortly after the discovery of the “root” bug plaguing Macs worldwide, Apple is faced with another embarrassing flaw in the newest version of its macOS. And it”s yet another password-centric vulnerability.

A recent post on Open Radar reveals that the App Store preferences pane in System Preferences can be unlocked by a local admin with a bogus password – or, as our own tests revealed, no password whatsoever.

The steps to reproduce the bug are:

1) Log in as a local admin

2) Open the App Store preferences pane from the System Preferences

3) Lock the padlock if it is already unlocked

4) Click the lock to unlock it

5) Enter any bogus password (or leave the password field blank)

6) Hit Return / Enter

If these steps reproduce the bug on your Mac, you are affected.

The flaw is not terribly dangerous, but it”s not entirely harmless either. Anyone with physical access to the machine can alter the settings to control how that Mac downloads and handles third-party software. A bad actor could (theoretically) use this bug to make it easy to deploy malware onto the unsuspecting victim”s computer at a later time.

Mac users running macOS High Sierra 10.13.3 beta are reportedly unable to reproduce the bug, indicating that either Apple is aware of the flaw, or something new in the beta inadvertently “breaks” the bug. So, what can you do until Apple releases the fix? Not much except tighten the existing security settings on your Mac.

You can leverage the “hot corners” feature to quickly enable a screensaver whenever you get up from your desk. Go to System Preferences -> Desktop & Screen Saver and look for the Hot Corners button in the bottom right-hand corner of the window.

Then, you should set your Mac to ask for a password immediately after the screensaver kicks in. To do this, visit the Security & Privacy module under System Preferences.

Finally, look out for Apple”s 10.13.3 update and install it the moment it becomes available.

tags


Author



Right now

Top posts

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

November 29, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
Cyber Tips for a Spook-Free Halloween

Cyber Tips for a Spook-Free Halloween

October 26, 2022

3 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Hacking cars remotely with just their VIN Hacking cars remotely with just their VIN
Graham CLULEY

December 05, 2022

2 min read
Russian courts attacked by CryWiper malware that poses as ransomware Russian courts attacked by CryWiper malware that poses as ransomware
Graham CLULEY

December 05, 2022

2 min read
Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts
Silviu STAHIE

December 02, 2022

1 min read