Apple Has Yet Another Password Bug in macOS High Sierra

1 minute read
| Editorial

Apple has yet another password bug in macOS High Sierra. Users of macOS High Sierra 10.13.2 can unlock Setting > Mac App Store (MAS) using any string of text for a password, allowing anyone to change your MAS settings. Fortunately, Apple has confirmed that macOS High Sierra 10.13.3—which is in beta now—corrects the issue (via Macworld).

To test this yourself, go to Settings > Mac App Store. If your panel isn’t already locked, lock it by clicking the lock in the lower left corner. Once locked, click it again, enter your user name, and enter anything you want for a password. Click unlock, and there you have it.

macOS High Sierra Mac App Store Settings Panel

macOS High Sierra Mac App Store Settings Panel

In the example above, I was able to unlock my settings using a single character for a password. Note that my password is not a single character.

Soul Crushing

On its own, this password bug is nowhere near as bad as the root password bug in macOS High Sierra revealed late last year. There is no setting, for instance,  that would allow you to make purchases on the MAS without a password. The closest thing is a setting allowing you to make purchases for 15 minutes after having already authorized a purchase via password.

But—and it kills me to say this—this unrelenting wave of security snafus from Apple is soul crushing. Quality Assurance seems to have vanished from a company that made its mark, in part, on having higher quality than everyone else. Apple is causing me to question the company’s ability to see to the small things, let alone the big things.

As noted above, Apple has already confirmed this issue is corrected in macOS High Sierra 10.13.3. This update should be released relatively soon.

7 Comments Add a comment

  1. Jamie

    Seriously, Apple: fire the kids who met your internal quotas and hire some of your formerly senior people or their equivalent again. The past 12 months have just been sad, and I couldn’t be happier that I downgraded. Ever since my work has been smooth as butter.

    Thread -> lost for far too long at Apple HQ. I could really care less about your spaceship when many of your products border on unusable and all you have in response are excuses or insults to your users’ intelligence. Enough, already.

  2. paikinho

    This stream of password bugs is soul crushing.
    C’mon Apple get it together.
    Seems like the ships rudder has broken and the night watch is sleeping.

  3. Retro4K

    As someone who switched from Windows to Mac a year 1/2 ago and swears allegiance to no one. I can say that if I had switched from Windows to a Mac running High Sierra, it would have been an immediate return. If it doesn’t get any better and MS keep on the right trajectory I’ll switch back come my next upgrade, which isn’t great because the ecosystem is less complete.

    El Capitan was far from perfect but it did enough right compared to the odd quirk/bug for me to complain or worry to much. Every update since has been like a chip of paint coming off a new car with the polish coming off the OS and the tires well and truly worn down.

    It usually takes me no more than a day or two after upgrading (this is a couple of point releases in) for me to identify several bugs and unintended behaviours that I report to Apple and that go ignored. Then several security holes, not even exploits… just wide open security backdoors like this make me wonder if Apple takes QA seriously with macOS anymore. Their focus seems to be on iOS and the iPad pro.

    Don’t take my word for it. I’ve a friend who’s never said a bad word about Apple for over 20 years and lately he’s got nothing good to say. This should worry Apple.

  4. Hammer

    If Tim would focus on internal issues more and stop trying to be a political activist maybe these problems would not be happening.

    But they do have new emojis, and watch bands, and new store designs, and a space ship HQ!

    Seriously Apple?

  5. ibuck

    Does Apple see themselves as a portable device company or as a QUALITY User Experience company?

    It used to be the latter. What’s changed, Mr. Cook?

  6. lemon4611

    Mr Cook has taken Apple right down into the dumper. Apple has lost respect for the customer and the arrogant corporate mentality of thinking only they know what customers want along with assuming all customers are idiots will be Apple’s undoing. Apple is overlooking the single most important factor of business, life goes on without Apple just fine and customers adapt quite nicely. Apple’s recent missteps are not easily forgotten.

Add a Comment

Log in to comment (TMO, Twitter, Facebook) or Register for a TMO Account