Another password flaw hits macOS as Apple breaks a New Year’s resolution already

News
By published

Less serious bug than last year’s doozy, but still a bad start to 2018

MacBook Pro

Another password bug has been uncovered in macOS High Sierra, and while it’s not nearly as serious as the one which cropped up late last year, it’s still highly embarrassing for Apple as the new year kicks off.

As the Register reports, developer Eric Holtam found the flaw which lies in the App Store settings under System Preferences – assuming the owner of the Mac has instigated a password requirement here. If you attempt to make changes here, a password is requested, but the kicker is you can type in any password and it will work.

This is just one corner of the operating system, of course, and more to the point, you need to be logged in with admin rights already (so a would-be abuser of the flaw would need to find a computer that has been logged in by the owner of the account and subsequently left unattended). But if that’s the case, the settings panel password prompt is about as useful as the proverbial chocolate fireguard.

There have also been claims that this particular bug may affect some other settings panels, too.

Shoddy security?

Really, this isn’t a particularly serious bug or anything much to worry about. It’s just that it reflects badly on Apple because it gives the impression – or rather, reinforces the impression, given last year’s fracas – of rather shoddy testing and checking procedures when it comes to pushing out new builds of its desktop operating system.

As we concluded in our 2017 ‘report card’ for Apple, the one thing the company doesn’t need is to make further mistakes on the security front this year. But if one of Apple’s New Year’s resolutions was indeed to avoid silly security slipups like easily bypassed password prompts, the firm appears to have fallen at the first hurdle.

It seems that Apple needs to tighten up some aspects of its operation when it comes to software QA, for sure.

That said, in terms of keeping a balanced perspective, when it comes to the really big threat that has emerged at the beginning of 2018 – Meltdown and Spectre – Apple has been pretty swift to move.

It had already released ‘mitigations’ for Meltdown when news of these two huge bugs broke last week, and this week, the company also patched macOS against Spectre with an update for High Sierra 10.13.2.

  • More than one of Apple’s MacBooks makes our list of best laptops
See more Computing News
TOPICS
Darren Allan

Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).

Latest in Computing Security
Dark Web monitoring
How users benefit from Dark Web monitoring
The X logo next to a silhouette of Elon Musk
Who was really behind the massive X cyberattack? Here’s what experts say about Elon Musk’s claims
A person holding a phone looking at a scam text with warning signs around
A massive SMS toll fee scam is sweeping the US – here’s how to stay safe, according to the FBI
View on National Assembly building in Paris, France, with French and European flags flying.
France rejects controversial encryption backdoor provision
ensure data security for your business
The complete data protection system for your business
ignal messaging application President Meredith Whittaker poses for a photograph before an interview at the Europe's largest tech conference, the Web Summit, in Lisbon on November 4, 2022.
"We will not walk back" – Signal would rather leave the UK and Sweden than remove encryption protections
Latest in News
Open AI
OpenAI unveiled image generation for 4o – here's everything you need to know about the ChatGPT upgrade
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event
Hornet swings their weapon in mid air
Hollow Knight: Silksong gets new Steam metadata changes, convincing everyone and their mother that the game is finally releasing this year
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
NetSuite EVP Evan Goldberg at SuiteConnect London 2025
"It's our job to deliver constant innovation” - NetSuite head on why it wants to be the operating system for your whole business
Monster Hunter Wilds
Monster Hunter Wilds Title Update 1 launches in early April, adding new monsters and some of the best-looking armor sets I need to add to my collection
More about computing security
Dark Web monitoring

How users benefit from Dark Web monitoring
A person holding a phone looking at a scam text with warning signs around

A massive SMS toll fee scam is sweeping the US – here’s how to stay safe, according to the FBI
Page shows the getting started page on the Notability app.

I enjoyed testing this satisfying note-taking app, but its collaboration skills were weak
See more latest
Most Popular
Tesla Model Y 2025
Tesla’s EU sales are in freefall as VW races ahead, but the Model Y could change all that
Asus NUC 15 Pro+
Asus unveils its most powerful mini PC to date — but I don't think the Intel-powered NUC 15 Pro+ will compete with Strix Halo models
HDD
Seagate teams with Nvidia to build an NVMe hard drive proof of concept, more than 3 years after its last effort
Open AI
OpenAI unveiled image generation for 4o – here's everything you need to know about the ChatGPT upgrade
NetSuite EVP Evan Goldberg at SuiteConnect London 2025
"It's our job to deliver constant innovation” - NetSuite head on why it wants to be the operating system for your whole business
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event
Hornet swings their weapon in mid air
Hollow Knight: Silksong gets new Steam metadata changes, convincing everyone and their mother that the game is finally releasing this year
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
Monster Hunter Wilds
Monster Hunter Wilds Title Update 1 launches in early April, adding new monsters and some of the best-looking armor sets I need to add to my collection
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks