Loading...

Apple releases a new macOS High Sierra update that puts users security at risk

Apple releases a new macOS High Sierra update that puts users security at risk

Our cybersecurity team is investigating a security flaw affecting the latest macOS. This vulnerability allows any user logged with admin accounts to access AppStore Preferences from System Preferences without providing any security credentials.
Our experts explain that this flaw works only on High Sierra 10.13.2 when users are already logged in on accounts with admin attributions, non-admin accounts are not affected by this bug, and the flaw will not work from this type accounts.

If a user wants to reproduce this flaw, he has to access AppStore Preferences in System Preferences then click on the padlock icon to lock it if necessary, then click it again. This kind of action should lead to a window asking for admin credentials, here user can enter any password, and AppStore Preferences will be unlocked and manageable.

This is not a significant security flaw because Apple let the padlock unlocked by default on any accounts, but is still a security flaw that mustn't have to be present on top OSs like macOS that are promoted as very secured for any users.
Apple already fixes this embarrassing flow, and the patch will be available to all users in the future update of macOS High Sierra (10.13.3).
macOS High Sierra is one of the OSs for macs with significant security flaw since the beginning.
The most prominent security flaw was discovered in macOS High Sierra 10.13.1 back in November 2017 when any password could be used to access root account if the account hasn't been enabled or hadn't be protected with a password.

Our top cybersecurity analyst says: "Every user should not rely only on OSs basic security options because many of them have multiple vulnerabilities that can be exploited once they are discovered. This is why every user should protect this device and his data at least with one strong security layer like top antivirus software."

CyberByte Antivirus comes in two flavors:
MacOS Version - the free download Mac antivirus available on our website (https://mac.cyberbyte.org)
Windows Version - the free download Windows antivirus available on our website (https://pc.cyberbyte.org)
The free antivirus is with limited features.

About CyberByte About CyberByte