High Sierra flaw reveals encrypted drive passwords when showing hint

By Cal Jeffrey
Oct 9, 2017
  1. As we pointed out in our feature on High Sierra a couple of weeks ago, macOS 10.13 is not without its flaws. The bugs we encountered were more annoying than anything else; they need fixing before the release earns a full recommendation, but none of them demanded immediate attention. Since then, two more serious issues have surfaced in Apple's latest operating system.

    Last week Matheus Mariano, a programmer working for Leet Tech in Brazil, found a flaw in 10.13 that renders the password on an encrypted disk volume useless whenever a password hint was set alongside it.

    The Apple File System (APFS) bug (CVE-2017-7149) is triggered when an SSD is partitioned with Apple's Disk Utility and an encrypted APFS volume is created with both a password and a hint. Ask Disk Utility to show the hint afterwards and it displays the password itself, as Mariano demonstrates in the video below.

    If that wasn't enough, Patrick Wardle, a security researcher for Synack, recently discovered a bug in High Sierra's Keychain. The flaw (CVE-2017-7150) lets an unsigned app get at Keychain data without the user approving the access prompt. That is serious for obvious reasons: the Keychain holds the user's saved passwords and other credentials.

    Apple has already addressed both issues with a patch it released last Thursday. In the patch notes, Apple explains what caused the problems:

    “If a hint was set in Disk Utility when creating an APFS encrypted volume, the password was stored as the hint. This was addressed by clearing hint storage if the hint was the password, and by improving the logic for storing hints … A method existed for applications to bypass the keychain access prompt with a synthetic click. This was addressed by requiring the user password when prompting for keychain access.”

    German programmer Felix Schwartz criticized Apple on Twitter, saying: “It becomes clearer every day that Apple shipped #APFS way too early.”

    Developer Marco Arment shared a similar sentiment.

    Other industry experts agree, saying that Apple has become too focused on iOS and that macOS has suffered when it comes to quality control.

    If you have not yet installed the latest patch for macOS 10.13, you can find it on Apple's Security Updates page.


  2. jobeard


    For existing systems,
    • The Apple File System (APFS) bug (CVE-2017-7149), which happens when partitioning, is a non-issue as the HD is already partitioned. It was careless however :sigh:
    The flaw (CVE-2017-7150) allowing unsigned apps access to Keychain is jaw-droppingly stupid.

    Not quite sure
    • “It becomes clearer every day that Apple shipped #APFS way too early.”
    is a correct conclusion, as the APFS has not failed nor lost any user data. It is clear that user testing was insufficient.
  3. commanderasus


    New Apple Logo Revealed!
