
A bug in Apple's macOS High Sierra 10.13 revealed the password of a user's encrypted APFS volume in place of the password hint.

In Capsule:

  • A bug (CVE-2017-7149) affecting macOS High Sierra 10.13 was discovered by Matheus Mariano of Leet Tech.
  • The bug revealed the user's encrypted drive password in the hint box.
  • Apple issued an emergency supplemental update for macOS High Sierra to address the bug.
  • The discoverer released a YouTube video demonstrating the issue.
The bug affects Apple's macOS High Sierra 10.13 and reveals the password of a user's encrypted volume in the password hint box. Apple reacted by issuing an emergency supplemental update for macOS High Sierra that addresses the bug (CVE-2017-7149) as well as vulnerabilities in APFS (Apple File System) volumes and in its Keychain software. Credit for the discovery goes to Matheus Mariano of Leet Tech, a Brazilian security researcher, who also published a YouTube video (attached below) demonstrating the issue; in the video's description he notes that he had already informed Apple about the bug.

The issue occurs only on macOS High Sierra when a user adds a new encrypted APFS volume to a container, and only on Macs with SSD drives, where Apple's new APFS file system is supported. When the user later mounts the encrypted volume, macOS prompts for the password to unlock it. If the user clicks the password hint button at that prompt, the actual password is displayed instead of the hint. The bug only manifests if a password hint was set when the volume was created; users who did not set a hint are not affected.
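To make the failure mode concrete, the following is an added illustration (not Apple's code, and not code from the researcher who found the bug) that models a Disk Utility-style "create encrypted volume" flow. The vulnerable variant writes the passphrase into the hint slot, so the unlock dialog's hint button shows the passphrase; the fixed variant applies the two mitigations Apple's release note describes: validating hints before storing them, and clearing a stored hint that equals the passphrase. The volume record, the PBKDF2 verifier, and the choice to run the cleanup at unlock time (the only point where the passphrase is available to compare) are assumptions of this model.

```python
"""Model of the High Sierra APFS hint bug (CVE-2017-7149) and its fix.

Added illustration, not Apple's implementation. The on-disk layout, the
PBKDF2 verifier and the unlock-time cleanup are assumptions of this model.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional


@dataclass
class EncryptedVolume:
    """Constructed stand-in for an encrypted APFS volume's crypto metadata."""
    name: str
    salt: bytes
    verifier: bytes            # PBKDF2 of the passphrase; the passphrase itself is never stored
    hint: Optional[str] = None # plaintext by design: it is shown before authentication


def _derive(passphrase: str, salt: bytes) -> bytes:
    """Passphrase verifier (PBKDF2-HMAC-SHA256); only used to check unlocks."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)


def validate_hint(passphrase: str, hint: Optional[str]) -> Optional[str]:
    """Hardened hint logic: refuse a hint that is, contains, or is contained
    in the passphrase, since the hint is displayed to anyone at the prompt."""
    if not hint:
        return None
    if hint == passphrase or hint in passphrase or passphrase in hint:
        raise ValueError("hint must not reveal the passphrase")
    return hint


def create_volume_vulnerable(name: str, passphrase: str, hint: Optional[str]) -> EncryptedVolume:
    """Mirrors the 10.13.0 behaviour described in Apple's release note: when a
    hint was set, the passphrase ended up stored as the hint."""
    salt = os.urandom(16)
    stored_hint = passphrase if hint else None   # the bug: wrong value lands in the hint slot
    return EncryptedVolume(name, salt, _derive(passphrase, salt), stored_hint)


def create_volume_fixed(name: str, passphrase: str, hint: Optional[str]) -> EncryptedVolume:
    """Fixed flow: the hint is validated, and only the hint is stored."""
    salt = os.urandom(16)
    return EncryptedVolume(name, salt, _derive(passphrase, salt), validate_hint(passphrase, hint))


def show_hint(vol: EncryptedVolume) -> str:
    """What the 'Show Hint' button in the unlock dialog displays."""
    return vol.hint or ""


def unlock(vol: EncryptedVolume, passphrase: str) -> bool:
    """Verify the passphrase; on success, apply the patch's cleanup by clearing
    the hint if it equals the passphrase. Assumption: this runs at unlock,
    because the stored verifier cannot be compared against the hint directly."""
    if not hmac.compare_digest(_derive(passphrase, vol.salt), vol.verifier):
        return False
    if vol.hint is not None and vol.hint == passphrase:
        vol.hint = None
    return True


if __name__ == "__main__":
    # Constructed sample: a volume created on the buggy version leaks its passphrase.
    leaky = create_volume_vulnerable("Data", "correct horse battery", "favourite phrase")
    print("vulnerable hint button shows:", show_hint(leaky))
    unlock(leaky, "correct horse battery")          # patched unlock scrubs the bad hint
    print("after patched unlock:", repr(show_hint(leaky)))
    safe = create_volume_fixed("Data", "correct horse battery", "favourite phrase")
    print("fixed hint button shows:", show_hint(safe))
```

Note that the scrub in `unlock` only helps a volume whose hint is exactly the passphrase; a hint that merely contains it is rejected at creation by `validate_hint` but would not be caught after the fact, which is one reason to re-create the volume rather than rely on the cleanup alone.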

Supplemental Patch Update by Apple

Apple's response team issued the patch quickly compared with previous bug reports. Apple strongly advises users to install the update, or at least to remove the password hint, so that the bug cannot be triggered. Apple described the flaw in its patch release notes: "If a hint was set in Disk Utility when creating an APFS encrypted volume, the password was stored as the hint. This was addressed by clearing hint storage if the hint was the password, and by improving the logic for storing hints."

How to Backup/Restore APFS after OS update?

Apple has also published a support page guiding users through the steps to back up, erase, and restore an affected encrypted APFS volume after installing the new OS update.

The same supplemental update also patched a Keychain flaw (CVE-2017-7150) identified last week by Patrick Wardle of the infosec firm Synack. The zero-day allowed unsigned apps to read sensitive data stored in Keychain, exposing app passwords in cleartext.

"It becomes clearer every day that Apple shipped #APFS way too early," Schwartz tweeted on Thursday. Many researchers have tweeted and commented that Apple's macOS High Sierra was shipped prematurely, unpolished and unfinished.