Print this page
Published in News

Apple showed encrypted passwords in plain text

by on06 October 2017


High noon on High Sierra.

Apple’s security superiority over Windows has been highlighted yet again as the macOS High Sierra exposed the passwords of encrypted Apple File System volumes in plain text.

Brazilian software developer Matheus Mariano found a Disk Utility “feature” in the OS.

Mariano added a new encrypted APFS volume to a container, set a password and hint, and unmounted and remounted the container in order to force a password prompt for demonstration purposes. Then, he clicked the "Show Hint" button, which revealed the full password in plain text rather than the hint.

German software developer Felix Schwarz also shared a video of the issue on Twitter today.

The problem affects Macs with SSD storage due to Apple File System compatibility, but APFS will eventually support machines with Fusion Drives as well.

Ironically users who haven't specified a password hint are probably unaffected.

The Tame Apple Press points out that the problem is within the Disk Utility itself and the holy Apple symbol itself is untainted.

Mariano reported the vulnerability to Apple and apparently it was serious enough for Jobs’ Mob to release a macOS High Sierra 10.13 Supplemental Update.

The bug has also been fixed in the base version of macOS High Sierra for those who have yet to install the full software update.

 

Last modified on 06 October 2017
Rate this item
(0 votes)