Another password-related bug has been discovered in macOS High Sierra, this time in the App Store Preferences in the Settings.app.

Joe Rossignol, reporting for MacRumors, says:

The security vulnerability means that anyone with administrator-level access to your Mac could unlock the App Store preferences and enable or disable settings to automatically install macOS updates, app updates, system data files, and, ironically, even security updates that would fix a bug like this one.

This sounds really embarrassing for Apple, but this is far from being a major bug. First, the App Store preferences are unlocked by default for admin users — and it doesn’t work for/affects the non-admin users. Additionally, if anyone with malicious intent has admin access to your Mac, there’s a lot worse that is possible. That’s not to say that this bug shouldn’t be taken seriously. Apple has already fixed this bug in the beta of its upcoming High Sierra release.

I’d love to join Apple’s QA team. Seriously!

WordPress 4.3 Beta is now ready for testing and the team has listed the notable changes arriving with version 4.3. This one below is really good to have.

We put a lot of work into Better Passwords throughout WordPress. Now, WordPress will limit the life time of password resets, no longer send passwords via email, and generate and suggest secure passwords for you.

I wish Automattic themselves offered a Two-Step Authentication plugin for self-hosted WordPress installations.