Being able to change preferences in the App Store allows you to change the schedules for app updates, system updates, and security updates.
Attackers could gain access to your Mac thanks to another security flaw discovered in the latest version of its operating system.
Researchers have discovered a flaw affecting macOS High Sierra that allows the App Store preferences menu to be unlocked by an administrator with any password, correct or not. This allows you to change settings such as what updates to install, whether to install security updates, and more.
Experts say it is limited to the App Store and presents a relatively limited security risk.
Barclays Raises Domino's Pizza (DPZ) Price Target to $215.00
Eight research analysts have rated the stock with a hold rating and fourteen have issued a buy rating to the company. The firm had revenue of $643.60 million during the quarter, compared to analyst estimates of $627.85 million.
With I Am Root still fresh in the memories of users and the recent hoopla over Meltdown and Spectre not yet died-down, this comes at a particularly unwelcome time. If you're on macOS High Sierra 10.13.2, any password will unlock the preferences. Then click on the padlock again to unlock it and a prompt should pop up where you can enter your username and password.
Back in late November, the company wrote: "We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused". Thankfully Apple was quick in issuing an update that fixed the problem, but now it appears that a new password bug has appeared. Our customers deserve better. Apple has apparently fixed it in the beta of MacOS 10.13.3, which is still being tested and will be released later this month. "We are auditing our development processes to help prevent this from happening again", Apple said in a statement.
We should note that these settings are unlocked by default on administrator accounts, as they aren't especially sensitive. There's no current workaround to this issue, so the only real option is to wait for Apple to provide a solution.