However, the report notes that the login prompt in question also accepts incorrect credentials, provided that the user is logged in as the local admin.
It's not really the biggest security flaw, especially when compared to High Sierra's previous password gaffes, as only a few basic settings can be changed and other parts of the system can't be so easily accessed or fiddled with.
Attackers could gain access to your Mac thanks to another security flaw discovered in the latest version of its operating system. First, this flaw only seems to affect High Sierra version 10.13.2, the current available version at the time of this writing.
Assuming the attacker would be able to gain such access, they would still only be able to change the user's preferences in the App Store.
With I Am Root still fresh in the memories of users and the recent hoopla over Meltdown and Spectre not yet died down, this comes at a particularly unwelcome time. If the bug exists on your computer, you can put in any password and the padlock will unlock regardless. MacRumors states that it cannot reproduce the error on the beta versions of macOS 10.13.3, suggesting it'll be fixed in an upcoming release.
Just open up the App Store system preferences and, if the little padlock icon is locked, click on it. macOS will then prompt you for a username and password.
Enter any bogus password you like and the system will grant you access.
Apple pledged to review its software development process in early December 2017, after a researcher discovered a bug that could give hackers total control of vulnerable machines.
"We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused."
"Our customers deserve better."
"Security is a top priority for every Apple product, and regrettably we stumbled with this release of Mac OS," Apple said in its statement.