The vulnerability is also very simple to say, if you are running macOS High Sierra, try the following:
1. Open the system preferences
2. Click on the App Store
3. If the option has been unlocked, click to lock it
4. Click again to unlock
5. In the pop-up window, enter the username and any password
App Store system preferences will be successfully unlocked no matter what password you enter. On the iMac and MacBook Pro running macOS High Sierra 10.13.2, this can be done with any password.This is a very simple but very serious and serious security vulnerabilities, but the good news is that the device running 10.13.3 beta does not have this bug, so it should be fixed in the upcoming release. Again, it is recommended to upgrade.
This vulnerability is not as severe as the previous root bug (although it should not happen). While it allows anyone who accesses your Mac to access and modify your App Store system preferences, user accounts, and other settings cannot be changed and are difficult to exploit Vulnerability to steal your data and funds on the App Store, after all, App Store most relaxed purchase settings is 15 minutes after the purchase you need to re-enter the password.
However, the discovery of this loophole has also led to some questions Apple, their system in the end what happened? How often there are low-level mistakes.
From late November to early December last year, Apple users suffered from a series of bugs, the worst being the root privilege vulnerabilities. In iOS, capital input bugs, and iPhone restart infinity restarts were also reported. Although Apple quickly fixed these issues after the fact and repeatedly reiterated that “we are reviewing our development process to prevent this from happening again,” but the existence of these large and small system problems, each one bit by bit Destroy users’ sense of trust and security. Apple is the reflection.
Reference: 9to5mac
