A major security flaw has been discovered in Apple’s Mac OS High Sierra, that allows settings to be changed without the use of a password.
The bug, which was first reported on the OpenRadar site, is present in macOS 10.13.2 and allows anyone with access to your Mac to access the System Preferences in the App Store without the needing to enter a password.
We tested the this on an iMac running macOS 10.13.2 and can confirm the issue.
Tech site Bleeping Computer posted a video on YouTube showing the flaw.
While the discovery of the flaw may be alarming for some Mac users, the potential for it to be exploited in an attack is perhaps limited.
While it is unacceptable that system settings can be simply bypassed without the need to enter a password, in order for a hacker to exploit the flaw, they would need physical access or administrator access to your device.
And even if they had this, they would still only be able to change settings in the App Store.
The issue is the second high profile flaw discovered in Apple’s operating system, which is usually noted for its security, in as many months.
In November, a similar but much more serious flaw was discovered that allowed anyone to gain administrative access to a the machine without needing a password.
On that occasion, because of the severity of the issue, Apple promptly released a security update to patch the problem.