A new “password” vulnerability has been discovered on Mac OS High Sierra.

In the latest version of the macOS High Sierra (10.13.2) operating system, a new vulnerability has been discovered that allows anyone to change the App Store settings with absolutely any password. This vulnerability is the second major problem in the past three months.

Operating the vulnerability is fairly easy: go to the system settings, select the App Store section, click on the lock icon to unlock, enter your username and any password, click on the unlock button.


')
The “details” of the vulnerability are published on openradar .

The bug will be fixed in macOS 10.13.3, which is expected to be released soon. Also, according to the researchers, the bug is absent in systems running macOS Sierra 10.12.6 and below.

Apple representatives did not comment on the error found. This is the second case of this kind lately - in November 2017, a macOS High Sierra vulnerability was discovered that allowed getting root access to the system, using “root” as the login and leaving the password field empty.

The new problem has similar roots with the previous one, which leads to certain thoughts.