A severe programming error has been discovered inwards Apple's latest macOS High Sierra 10.13 that exposes passwords of encrypted Apple File System (APFS) volumes inwards manifestly text.
Reported past times Matheus Mariano, a Brazilian software developer, the vulnerability affects encrypted volumes using APFS wherein the password hint department is showing the actual password inwards the manifestly text.
Yes, you lot got that right—your Mac mistakenly reveals the actual password instead of the password hint.
In September, Apple released macOS High Sierra 10.13 amongst APFS (Apple File System) equally the default file arrangement for solid-state drives (SSDs) too other all-flash storage devices, promising potent encryption too improve performance.
Mariano discovered the safety trial piece he was using the Disk Utility inwards macOS High Sierra to add together a novel encrypted APFS book to a container. When adding a novel volume, he was asked to prepare a password and, optionally, write a hint for it.
So, whenever the novel book is mounted, macOS asks the user to teach inwards the password.
However, Mariano noticed that when he clicked the "Show Hint" button, he was served amongst his actual password inwards the manifestly text rather than the password hint.
You tin run across the demonstration of the occupation inwards the below-given video:
This safety trial is non the exclusively 1 discovered inwards Apple's latest desktop operating system.
Just a few hours earlier the liberate of High Sierra, ex-NSA hacker Patrick Wardle publicly disclosed the details of a split critical vulnerability that allows installed apps to pocket passwords too hole-and-corner information from the macOS keychain.
The proficient tidings is that Apple released a supplemental macOS High Sierra 10.13 update on Th to addressed both the issues. Mac users tin install update from the Mac App Store or download it from the Apple's Software site.
It should live on noted that merely installing the update would non solve the APFS password disclosure issue. Apple has published a user guide on the password disclosure bug, which you lot should follow to protect your data.
Reported past times Matheus Mariano, a Brazilian software developer, the vulnerability affects encrypted volumes using APFS wherein the password hint department is showing the actual password inwards the manifestly text.
Yes, you lot got that right—your Mac mistakenly reveals the actual password instead of the password hint.
In September, Apple released macOS High Sierra 10.13 amongst APFS (Apple File System) equally the default file arrangement for solid-state drives (SSDs) too other all-flash storage devices, promising potent encryption too improve performance.
Mariano discovered the safety trial piece he was using the Disk Utility inwards macOS High Sierra to add together a novel encrypted APFS book to a container. When adding a novel volume, he was asked to prepare a password and, optionally, write a hint for it.
So, whenever the novel book is mounted, macOS asks the user to teach inwards the password.
However, Mariano noticed that when he clicked the "Show Hint" button, he was served amongst his actual password inwards the manifestly text rather than the password hint.
You tin run across the demonstration of the occupation inwards the below-given video:
This safety trial is non the exclusively 1 discovered inwards Apple's latest desktop operating system.
Just a few hours earlier the liberate of High Sierra, ex-NSA hacker Patrick Wardle publicly disclosed the details of a split critical vulnerability that allows installed apps to pocket passwords too hole-and-corner information from the macOS keychain.
The proficient tidings is that Apple released a supplemental macOS High Sierra 10.13 update on Th to addressed both the issues. Mac users tin install update from the Mac App Store or download it from the Apple's Software site.
It should live on noted that merely installing the update would non solve the APFS password disclosure issue. Apple has published a user guide on the password disclosure bug, which you lot should follow to protect your data.
Share This :
comment 0 Comments
more_vert