Apple Apologizes for Error That Lets Bogus Passwords Unlock App Store Preferences on macOS High Sierra

By Jessica Ferrera, Christian Post Contributor

Apple immediately recognized and apologized for a recently discovered weakness in its App Store's password security on macOS High Sierra.

Mac Rumors spotted a report on Open Radar titled "[App Store] Preferences lock is a lie" that talked of how a "bogus password" could actually unlock an App Store Preferences tab.

In the experiment, the Open Radar report used a computer running on macOS 10.13.2 with build number 17C88.

Get Our Latest News for FREE

Subscribe to get daily/weekly email with the top stories (plus special offers!) from The Christian Post. Be the first to know.

The error will only be noticeable when the computer is running on an active local admin account. To test if the device is affected with this issue, macOS users can proceed to the App Store Preferences panel, click the lock icon and enter any incorrect password. Instead of denying access, the report claimed that the wrong credentials would actually work.

Mac Rumors tried to reproduce the error and confirmed that it had worked on the computer they used, but only when they signed into a local admin account.

The same report added that the error did not seem to affect MacBooks with macOS Sierra version 10.12.6 or earlier.

Probably learning from the backlash it recently faced from reports that it was throttling the CPU performances of iPhones with older batteries, Apple immediately responded to the discovery that any password could be used to access the App Store's System Preferences when signed on to a local admin account.

"We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again," Apple said.

Meanwhile, TechCrunch suggested that the recently found error was not as serious as another login bug earlier discovered on a macOS. Also, based on the reports, it appears that an attacker who wants to access an App Store user account will have to physically operate the affected device. The perpetrator would also need to have access to the MacBook's local admin profile.

Apple has reportedly issued a fix for this error in the macOS 13.3.3. However, this version is still in its beta stage and has yet to be released in full this month.

Was this article helpful?

Help keep The Christian Post free for everyone.

By making a recurring donation or a one-time donation of any amount, you're helping to keep CP's articles free and accessible for everyone.

$25/month$50/quarter$100/yearOne-time

We’re sorry to hear that.

Hope you’ll give us another try and check out some other articles. Return to homepage.