phaZed
Well-Known Member
- Reaction score
- 3,159
- Location
- Richmond, VA
https://www.theregister.co.uk/2017/10/05/apple_patches_password_hint_bug_that_revealed_password/
Apple on Thursday released a security patch for macOS High Sierra 10.13 to address vulnerabilities in Apple File System (APFS) volumes and its Keychain software.
Matheus Mariano, a developer with Brazil-based Leet Tech, documented the APFS flaw in a blog post a week ago, and it has since been reproduced by another programmer, Felix Schwartz.
The bug (CVE-2017-7149) undoes the protection afforded to encrypted volumes under the new Apple File System (APFS).
The problem becomes apparent when you create an encrypted APFS volume on a Mac with an SSD using Apple's Disk Utility app. After setting up a password hint, invoking the password hint mechanism during an attempt to remount the volume will display the actual password in plaintext rather than the hint.
Apple on Thursday released a security patch for macOS High Sierra 10.13 to address vulnerabilities in Apple File System (APFS) volumes and its Keychain software.
Matheus Mariano, a developer with Brazil-based Leet Tech, documented the APFS flaw in a blog post a week ago, and it has since been reproduced by another programmer, Felix Schwartz.
The bug (CVE-2017-7149) undoes the protection afforded to encrypted volumes under the new Apple File System (APFS).
The problem becomes apparent when you create an encrypted APFS volume on a Mac with an SSD using Apple's Disk Utility app. After setting up a password hint, invoking the password hint mechanism during an attempt to remount the volume will display the actual password in plaintext rather than the hint.
