Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

A flaw in macOS High Sierra allows to unlock the App Store Preferences without password

Security expert discovered a new vulnerability in macOS High Sierra that could be exploited by users logged as admins to unlock the AppStore Preferences in System Preferences by providing any password. Security expert discovered a new vulnerability in macOS High Sierra that could be exploited by users logged as admins to unlock the AppStore Preferences in System Preferences by […]

Apple zero-day

Security expert discovered a new vulnerability in macOS High Sierra that could be exploited by users logged as admins to unlock the AppStore Preferences in System Preferences by providing any password.

Security expert discovered a new vulnerability in macOS High Sierra that could be exploited by users logged as admins to unlock the AppStore Preferences in System Preferences by providing any password.

https://twitter.com/eholtam/status/951142826485698561

The vulnerability was reported by Eric Holtam and affects the latest version macOS 10.13.2. The issue doesn’t affect non-admin accounts that must provide correct credentials to unlock the AppStore Preferences.

The steps to reproduce the issue and grants access to change the AppStore preferences are:

  1. Log in as a local admin;
  2. Open App Store Prefpane from the System Preferences;
  3. Lock the padlock if it is already unlocked;
  4. Click the lock to unlock it;
  5. Enter any bogus password;

macOS High Sierra

Holtam highlighted that the issue doesn’t affect other system preferences panel (i.e. system preferences).

The flaw has a limited impact because it can only be triggered by admins, anyway, anyone with a physical access to a machine that was left unattended by a user logged as admins can exploit the vulnerability.

Apple already issued a security patch in the latest beta version of macOS High Sierra (10.13.3) and the problem will be addressed in a future update for stable versions.

In November, an authentication bypass issue was publicly disclosed via Twitter by the developer Lemi Orhan Ergan. The flaw in macOS High Sierra allowed gaining root access to a machine with no password.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – macOS High Sierra, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]