Huge Password Flaw Found in macOS High Sierra

January  12,  2018

Windows Hello makes logging in simple

A bug report on Open Radar has revealed a password vulnerability in macOS High Sierra. This bug allows the App Store menu in System Preferences to be unlocked with any password. The flaw, which only exists in the latest version 10.13.2, gives anyone with physical, administrator-level access to a Mac the ability to disable settings related to automatically installing macOS software, security, and app updates.

How to Protect Yourself

If you have not yet updated to macOS High Sierra version 10.13.2, HOLD OFF on updating until AllSafe IT can confirm that the subsequent version is safe to install.

If you are already on 10.13.2, make sure that you are not logged in to an administrator account when you are away from your Mac. Make sure you are diligent about logging out OR user a standard account instead of an Admin one.

As always, if you have questions or require assistance, please do not hesitate to contact us.

Want to Join us? Find out the Available Positions!

JOIN OUR TEAM