How to protect your Mac from the "App Store password" bug
Shortly after the discovery of the “root” bug plaguing Macs worldwide, Apple is faced with another embarrassing flaw in the newest version of its macOS. And it's yet another password-centric vulnerability.
A recent post on Open Radar reveals that the App Store preferences pane in System Preferences can be unlocked by a local admin with a bogus password – or, as our own tests revealed, no password whatsoever.
The steps to reproduce the bug are:
1) Log in as a local admin
2) Open the App Store preferences pane from the System Preferences
3) Lock the padlock if it is already unlocked
4) Click the lock to unlock it
5) Enter any bogus password (or leave the password field blank)
6) Hit Return / Enter
If these steps reproduce the bug on your Mac, you are affected.
The flaw is not terribly dangerous, but it's not entirely harmless either. Anyone with physical access to the machine can alter the settings to control how that Mac downloads and handles third-party software. A bad actor could (theoretically) use this bug to make it easy to deploy malware onto the unsuspecting victim's computer at a later time.
Mac users running macOS High Sierra 10.13.3 beta are reportedly unable to reproduce the bug, indicating that either Apple is aware of the flaw, or something new in the beta inadvertently “breaks” the bug. So, what can you do until Apple releases the fix? Not much except tighten the existing security settings on your Mac.
You can leverage the “hot corners” feature to quickly enable a screensaver whenever you get up from your desk. Go to System Preferences -> Desktop & Screen Saver and look for the Hot Corners button in the bottom right-hand corner of the window.
Then, you should set your Mac to ask for a password immediately after the screensaver kicks in. To do this, visit the Security & Privacy module under System Preferences.
Finally, look out for Apple's 10.13.3 update and install it the moment it becomes available.