New macOS High Sierra vulnerability exposes the password of an encrypted APFS container


Question

I came across this article early in the morning, and I wasn't sure what section this would be good for. It is just a security blog, so I didn't think it would fit under BPN; however, mods, feel free to move it if you want.

 

Quote

This week, Apple released the new macOS High Sierra with the new file system called APFS (Apple File System). It wasn’t long before I encountered issues with this update. Not a simple issue, but a potential vulnerability.
 



 

You can read about this here, and he goes into some other details on the webpage, https://hackernoon.com/new-macos-high-sierra-vulnerability-exposes-the-password-of-an-encrypted-apfs-container-b4f2f5326e79


2 answers to this question


It's been fixed now, but that's an incredibly embarrassing bug and should never have made it to the release version. I'm not exactly surprised to see Disk Utility as the culprit, though, because its comically buggy nature has been obvious ever since Apple chose to rewrite it from scratch a few years ago. Hopefully this will serve as a wake-up call and also lead to systemic changes at Apple that will prevent such an obvious, security-relevant UI bug from going unnoticed in the future.

 

Quote

If a hint was set in Disk Utility when creating an APFS encrypted volume, the password was stored as the hint. This was addressed by clearing hint storage if the hint was the password, and by improving the logic for storing hints.

 

1 hour ago, Active. said:

It's been fixed now, but that's an incredibly embarrassing bug and should never have made it to the release version. I'm not exactly surprised to see Disk Utility as the culprit, though, because its comically buggy nature has been obvious ever since Apple chose to rewrite it from scratch a few years ago. Hopefully this will serve as a wake-up call and also lead to systemic changes at Apple that will prevent such an obvious, security-relevant UI bug from going unnoticed in the future.

 

 

I must've missed that article. Thanks for pointing it out.


This topic is now closed to further replies.