A new Mac security flaw lets you type literally any username and password in order to unlock the Mac App Store panel in System Preferences. It’s probably not a big deal practically speaking—the panel is unlocked by default—but the fact that this issue exists at all is a worrying reminder that Apple isn’t prioritizing security like they used to.
I get it: tech journalists tend to lose their mind when it comes to Apple. The slightest flaw is hyped up beyond belief, given a name ending in “gate,” and then forgotten about within a month. It’s a regular cycle at this point, and it makes it hard for readers to recognize actual problems.
A Bit of History
So let’s review quickly. Back in November, 2017, a macOS bug let anyone create a root account without a password in System Preferences simply by typing “root” as the username and making up literally any password. Instead of denying you access, like a well designed system would, macOS High Sierra would just create a root account using whatever password you entered.
In addition to being mind numbingly insecure, this is bizarre behavior. Why in the world would making up a root password create a root account out of whole cloth? What is happening in the backend that makes that possible?
It’s hard to imagine, which is why this wasn’t a case of tech journalists exaggerating. It was really, really bad.
And the cleanup after that bug didn’t…
I have a crazy passion for #music, #celebrity #news & #fashion! I'm always out and about on Twitter.
Latest posts by Sasha Harriet (see all)
More from Around the Web