Mac OS Bug Allows System Preferences To Be Unlocked With Any Password, Haven't Fixed Yet
Hackersonlineclub confirmed the Bug after reproducing it by self.
Step to Reproduce
- Click on your System Preferences
- Click on App Store
- Click on Padlock icon
- Enter your Username and any password (123456 or xyz)
- Click Unlock
It is easy to exploit when the user is logged in to a Mac OS with administrator privilege. Cyber criminals can take advantage of this flaw.
In September, a security researcher found the exploit to snag plaintext password from Keychain. It is the second time a login bug has been found after the security flaw was discovered in November, which was allowing to login to a Mac by typing 'root' as user name with no password.
Apple haven't commented about this bug yet but we are expecting that it should be fixed with the upcoming MacOS 10.13.3 version.