Your Mac has another bug that lets people log in without your password. But unlike the last time this happened, it only leaves your computer exposed to a bit of mischief.
That proviso won't stop the bug from raising concerns about the overall quality of Apple's software. But it means the flaw doesn't hand anyone the keys to the kingdom.
Let's compare. In November, users found anyone could a report surfaced that someone could log into your App Store preferences with any entry into the password field.and no password whatsoever. That's a serious flaw that undercut the most basic line of security protecting the content of your computer from thieves, or even prying friends, family or co-workers. On Monday,
Apple didn't immediately respond to a request for comment. The issue only comes up when a Mac user is logged in with administrative privileges. For local users, no password is required to change App Store preferences.
CNET confirmed the bug by slapping random keys into the App Store preferences password field on a Mac running the most recent High Sierra operating system (10.13.2). Boom, we were logged in.
But what was next? Now CNET could take full control of, well, the computer's App Store preferences. Not exactly the kind of all encompassing power one might expect from bypassing a password. What's more, the computer itself wasn't locked when CNET struck -- just the App Store preferences.
To make this very clear: to take advantage of this flaw, an attacker would have to wait for an unsuspecting Mac user to walk away from their computer without logging out. Then this malicious person would need to rush up to the computer, open up the App Store preferences, and enter any old combination of keystrokes to log in and make changes. Finally, the saboteur could do something as dastardly as getting your computer to stop automatically checking for software updates.
CNET checked on a Mac running the next version of High Sierra (10.13.3), which hasn't been released to the general public yet, and found that the issue is no longer present.
CNET's Stephen Shankland contributed to this report.
Virtual reality 101: CNET tells you everything you need to know about VR.
CNET Magazine: Check out a sample of the stories in CNET's newsstand edition.