Apple MacOS High Sierra security/root bug

If you’ve updated to MacOS High Sierra (OSX 10.13), this is not good news. Although Apple released a bug fix, it should really give security-conscious users some pause.

There are some good overviews of how to harden MacOS/OSX, but I haven’t seen an updated guide that specifically addresses this latest problem (researchers just haven’t had time to investigate the underlying problems and the full extent of what Apple changed and what is affected). Despite that gap, reviewing a hardening guide and applying relevant procedures is still a good practice. Here are a couple of references to get you started.

Additionally, here’s a link to a good description of the root account security bug and a manual procedure which hardens the system against this problem. Conversations in the SecKC community and other security communities confirmed the vulnerability and confirmed this manual config appears to address the problem.

Unfortunately this manual approach probably isn’t for most home/casual consumer users.  It requires using the Terminal and some advanced features most users never interact with.  And it introduces a security configuration which would probably complicate future updates and changes for many people.

Bottom line. Apple really messed up.

So what should you do? If you’re a security-conscious person with system administrator skills, you should spend the time it takes to harden your system (and test that hardening). If you’re not a sys admin, update update update. And keep checking for more updates over the next days and weeks.


When iTunes doesn’t move deleted items to trash

check iTunes Preferences, the Advanced tab, the settings for “iTunes Media folder location” and “Keep iTunes Media folder organized”.

iTunes media folder preferences.
iTunes preferences for Media Folder and organization.  For some reason* the location had been lost as this field was blank.

If you have your iTunes library configured to keep everything under a preferred folder location and to let iTunes automatically organize the items in the library, then deleting an item should provide a prompt asking whether the item should be moved to the Trash or kept in the media folder.

iTunes move to Trash prompt.
  When media folder organization is enabled, iTunes should prompt when deleting items.

I recently noticed that iTunes wasn’t prompting to move deleted items to the trash anymore (resulting in leftover cruft taking up disk space). After checking several things, I found the preference settings had been lost. After correcting (restoring) the settings, iTunes did prompt to organize the folders and appeared to do a quick scan through the media there (a couple minutes), but it finished quickly and everything seems to have returned to normal.
*I can only guess the setting problem cropped up a couple days ago when I had some problems with external USB devices and had to forcefully disconnect and shut everything down.

iTunes version 11.0.1 (12) on OS X Mountain Lion 10.8.2. iTunes Media Library is located on an external 1.5TB USB3 HDD. I’ve been using external storage for iTunes for about 4 years now, so that of itself wasn’t the source of the problem.