Friday, December 27, 2024
Archived Post

macOS High Sierra flaw exposes passwords of encrypted APFS volumes

Sometimes it’s amazing what makes it through countless beta versions of operating systems to the final product. In the case of macOS 10.13 High Sierra, developer Matheus Mariano discovered a surprisingly bad vulnerability that displays the password of an encrypted APFS container.

In the following video, Mariano shows how the vulnerability works — you create a new Encrypted APFS container in Disk Utility on a Mac with an SSD, and fill in and verify the password, along with a password hint. After unmounting and re-mounting the container, the password dialog displays the actual password in the “Hint” field. Whoops!

Mariano notes that he has already (as of September 27) reported this to Apple. It’s quite likely that macOS 10.13.1 will be heading our way soon with a fix.

Steve Sande
the authorSteve Sande
Steve is the founder and former publisher of Apple World Today and has authored a number of books about Apple products. He's an avid photographer, an FAA-licensed drone pilot, and a really bad guitarist. Steve and his wife Barb love to travel everywhere!