Click to Skip Ad
Closing in...
  1. AirPods Pro Prime Day Deal
    11:46 Deals

    AirPods Pro are back in stock at Amazon after selling out – and they’re $52 off

  2. Best Prime Day Phone Deals
    18:12 Deals

    Best Prime Day phone deals: Apple iPhone, Samsung Galaxy and more

  3. Best Prime Day Apple Deals
    12:00 Deals

    Amazon Prime Day 2021: Best Apple deals

  4. Amazon Deals
    07:56 Deals

    10 deals you don’t want to miss on Saturday: Early Prime Day blowout, $50 off AirPods Max, $20 Blink Mini cam, more

  5. Best Prime Day TV Deals
    16:38 Deals

    Best Prime Day TV deals: Samsung, LG, Vizio, and more

MacOS High Sierra bug reveals passwords in plain text, no hacking required

October 5th, 2017 at 10:04 PM
MacOS High Sierra: security bug with passwords

MacOS High Sierra, the latest version of Apple’s desktop OS, is finally here. One of the biggest changes is under the hood, switching the OS over to a new, more efficient file system called Apple File System (APFS). Such a major change is always going to come with weird bugs and quirks, but that still doesn’t excuse a new security bug exposed by researchers.

Software developer Matheus Mariano has found a serious bug that reveals the passwords for encrypted APFS volumes when you click “show password hint” within Disk Utility. This isn’t your kind of deep-down zero-day hacking vulnerability; it just looks like a simple oversight, but the end result is that anyone with access to your device can open encrypted volumes on your MacBook.

All Mariano had to do in a demonstration was set up a new encrypted volume from within Disk Utility, unmount and remount the volume to force a password prompt, and hit “show hint.” His password for the volume then showed up in plain text.

Felix Schwarz, another software developer, managed to reproduce the bug on his device. He also showed that it’s a bug within Disk Utility, not the underlying software, as doing the same steps from the command line shows the password hint, rather than the actual password.

The issue is still present in the most recent beta version of macOS High Sierra, which means any fix will take a while to roll out. In the meantime, disable any password hints, as that seems to band-aid fix the issue.

Popular News