Following the root bug in November, a new security flaw has been discovered in the latest public version of macOS High Sierra (10.13.2).
First publicized by MacRumors, the bug allows entry into the App Store preferences panel using any password whatsoever.
But the impact of this bug is minimal. While it is unquestionably frustrating to see another security flaw slip through the cracks of Apple’s quality control division, there are no settings in the App Store preference panel that can be adjusted to compromise or allow access to any personal information.
This security flaw is nowhere near as serious as the root bug, and it requires some specific conditions to work. To replicate the bug, you need to be:
- On macOS High Sierra 10.13.2 (the bug is not present in 10.13.1 and has been fixed in the 10.13.3 beta)
- Logged in as the administrator (other user accounts aren’t affected).
This will hopefully be the last macOS High Sierra security flaw that we hear about for the rest of the year.