Mac exploit lets you change App Store preferences with any password

From Engadget - January 10, 2018

We have asked Apple for comment on the apparent bug and will let you know if it can provide a response, although we have learned that this should not expose users and that it should be fixed with the upcoming macOS 10.13.3 update (the fix is already present in the beta).

It's not going to be a serious issue when an intruder needs admin-level access, but it could be a concern if an attacker already has those privileges. They could loosen your password restrictions for downloads (say, to go on a shopping spree without your consent) or force automatic updates if they know a newer app or OS release is vulnerable. And of course, this illustrates that the company still has avoidable security hiccups to address.


Continue reading at Engadget »