There’s an entire KB about reporting security issues to Apple, if someone ever feels the need to report similar security bugs. So, I would guess that High Sierra disables swap space on ssds as standard. This isn’t exactly a good way to disclose security issues, but I’m willing to bet the reporter perhaps didn’t think it would go this far in the media? Mac OSX High Sierra is a linux derivative of sorts, and many linux OS's recommend disabling swap when installing to an SSD as the type of storage used in a swap partition puts a high load on the magnetic media of the ssd in a potentially destructive way. This issue was first reported on Twitter and is now getting widespread traction. If you’ve enabled Remote Management, anyone can log into your Mac using the root user with an empty password. Once a password has been set, it wont change to an empty value anymore. Turns out, testing this actually creates a root user without a password in the background! Make sure to disable the root user in System Preferences to prevent this from getting any worse than it already is.įor a quick workaround, set a non-default (aka: anything) password on the root user via the terminal.
Update: be sure to disable the root user after test I’d be very curious to know the technical reasons why this was possible in the first place. You can try it if you go to the Users & Groups settings screen and click Lock at the bottom.
Use the user root and click _Unlock _several times, you’ll eventually bypass the dialog and be granted root privileges. As first reported on Twitter by Lemi Orhan Ergin, you can bypass just about any security dialog on Mac OSX High Sierra (10.13) by using the root user without a password.
