
Apple Addressed the New Vulnerability of High Sierra


11 / 10 / 2017


Two weeks ago Apple released its newest macOS, High Sierra. The change from the old HFS+ to the new APFS (Apple File System) seemed to be the first step of a revolution in the Mac world. A few days later Matheus Mariano discovered a serious Disk Utility bug that exposed the password of encrypted Apple File System volumes.

High Sierra exposed the password of an encrypted APFS container created with the Disk Utility tool. To reproduce the issue, the Brazilian developer added a new encrypted APFS volume and set a password and a hint.

Then he unmounted and remounted the container to trigger the password hint.

But when he clicked the “Show Hint” button, the system revealed the full password rather than the hint.

The issue affected only Macs with SSD storage, since High Sierra converts only those to APFS. German software developer Felix Schwarz pointed out that it was a Disk Utility bug: if you use the Terminal commands for the same purpose, things work normally and the actual hint is displayed. Mariano reported the issue to Apple. Apple reacted quickly and on October 5 released the macOS High Sierra 10.13 Supplemental Update, which fixed the problem. As a result, the stored hint is cleared if it was the same as the password, and the hint sorting logic was improved.
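The defensive check that the fix implies, written as an added example (not Apple's code): a hint sanitizer that refuses to store a hint identical to the password, and, going a step beyond the page, one that embeds the password or is nearly identical to it. The similarity threshold and minimum substring length are assumed values.

```python
"""Hint sanitizer modelled on the High Sierra APFS hint fix (added example)."""
import difflib
import unicodedata
from typing import Optional

# Assumed: passwords shorter than this occur in ordinary words too often
# for a substring match to mean anything.
MIN_SUBSTRING_LEN = 4
# Assumed: a hint this similar to the password gives most of it away.
SIMILARITY_LIMIT = 0.8


def _normalize(s: str) -> str:
    """Fold Unicode form, case and surrounding whitespace before comparing."""
    return unicodedata.normalize("NFKC", s).casefold().strip()


def hint_problem(password: str, hint: str) -> Optional[str]:
    """Explain why a hint must not be stored, or return None if it is acceptable."""
    if not hint.strip():
        return "empty"
    p, h = _normalize(password), _normalize(hint)
    if h == p:
        # The case the Supplemental Update clears: hint identical to password.
        return "equals-password"
    if len(p) >= MIN_SUBSTRING_LEN and p in h:
        return "contains-password"
    if difflib.SequenceMatcher(None, p, h).ratio() >= SIMILARITY_LIMIT:
        return "too-similar"
    return None


def sanitize_hint(password: str, hint: str) -> Optional[str]:
    """Return the hint to store, or None when it must be discarded."""
    return None if hint_problem(password, hint) else hint.strip()


if __name__ == "__main__":
    # Constructed sample pairs, not real user data.
    samples = [
        ("correct-horse-battery", "correct-horse-battery"),
        ("correct-horse-battery", "Correct-Horse-Battery "),
        ("correct-horse-battery", "the usual: correct-horse-battery"),
        ("correct-horse-battery", "correct-horse-batter"),
        ("correct-horse-battery", "xkcd comic"),
    ]
    for pw, hint in samples:
        print(repr(hint), "->", hint_problem(pw, hint) or "ok")
```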

In addition, Apple has suggested steps to protect users’ data. If you have already encrypted a volume with Disk Utility, Apple recommends that you do the following:

  1. Install the macOS High Sierra Supplemental Update from the App Store.

  2. Create an encrypted backup of the data on the affected encrypted APFS volume.

  3. Open Disk Utility and select the affected volume from the sidebar.

  4. Click Unmount, and then click Erase.

  5. When prompted, type in the name of the volume in the Name field.

  6. Choose APFS from the list of available formats.

  7. Change the format to APFS (Encrypted).

  8. In the dialog window, enter a new password, and then verify it. Choose a hint for the encrypted APFS volume.

  9. Click Erase.

  10. When the volume is erased, click Done.

  11. Restore the data that you backed up in step 2 to the new encrypted APFS volume that you’ve just created.

Fortunately, Apple addressed the issue promptly and users’ encrypted data is safe now, thanks to Matheus Mariano and the others who reported this bug. We hope that High Sierra won’t “surprise” us again.