Thursday, 5 October 2017

Ask Apple for your password hint: get your password!


Apple on Thursday released a security patch for macOS High Sierra 10.13 to address vulnerabilities in Apple File System (APFS) volumes and its Keychain software.

The APFS bug (CVE-2017-7149) undoes the protection afforded to encrypted APFS volumes.

The problem becomes apparent when you create an encrypted APFS volume on a Mac with an SSD using Apple's Disk Utility app.

If you set a password hint when creating the volume, asking for the hint while remounting the volume displays the actual password in plaintext rather than the hint.