The latest macOS, High Sierra, has had its difficulties with password screens. First, a build of the OS allowed just anybody to log into a Mac running that version if they signed with “root,” and now a second build allows a similar login to the App Store system preferences, although admittedly not as egregious as the first password screen bug.
It does make you wonder how this keeps happening. Apple is usually quick to fix these types of things; however, how are builds getting released, past the beta version and into users’ hands with such big obvious errors?
The First Time
The first password screen problem with High Sierra occurred last November. The 10.13.1 build of High Sierra was most noticeable by going to System Preferences. If you clicked the lock, it brought up a screen to log in to get access.
The problem with this is it didn’t do as it was supposed to and require you to put in your user name and password for the system. It allowed you to put in “root” as the user name and use a blank password.
And it went further than that as well. Several other login screens in the OS worked the same. It was reported that every preference panel that was tried worked the same way with “root” as the user name and a blank password.
In the System Preferences it meant just anyone could do many different things, including adding a new user, even a new administrator. Current users could be locked out as well.
New Security Risk
While admittedly it’s not as bad as before, it’s a similar problem. With the current version of High Sierra, once again in the System Preferences, but only in the App Store pane, making it not quite as devastating, but still bad nonetheless, there is once again a security flaw.
If you go to System Preferences, and then to the App Store settings and find the padlock icon, if it’s unlocked, you can unlock it using just any password. It doesn’t need to be that favorite coveted password of yours. It can literally be anything.
This means automatic downloads can be enabled or disabled as well as operating system updates. Again, it’s not quite as bad, as just anyone can’t log in to your Mac. However, anyone who already has access to your Mac, even children, can get in there and change your App Store settings.
It’s possibly more damaging to Apple than it is to individual users. This is their second security flaw in High Sierra. They need to figure out how these builds keep getting released with such serious compromising bugs. These have been released to the general public and are not just beta releases. Why were these not discovered beforehand? Is someone’s job on the line? If not, it should be.
In the Future
Apple has reportedly acted quickly, and this most recent bug has already been fixed in newer beta versions of the software. If there’s a silver lining here, it’s that the company takes security seriously and always fixtures these mistakes right away.
But while that’s honorable on Apple’s part, they need to be taking the next step and figuring out where the process isn’t working before these builds are released. They need to be looking into their quality control and figuring out how they can take care of these flaws before they reach the general public. Even better still, if it compromises security, it shouldn’t even be reaching beta versions of their OS.
In the meantime, as a consumer of Macs, be forewarned that Apple is having trouble. If you have a version of the software that has security bugs, be sure to update as soon as possible, and don’t leave your Mac unattended if you’re currently experiencing a security bug.