Reported yesteryear Matheus Mariano, a Brazilian software developer, the vulnerability affects encrypted volumes using APFS wherein the password hint department is showing the actual password inward the patently text.
Yes, you lot got that right—your Mac mistakenly reveals the actual password instead of the password hint.
In September, Apple released macOS High Sierra 10.13 amongst APFS (Apple File System) equally the default file organization for solid-state drives (SSDs) as well as other all-flash storage devices, promising rigid encryption as well as improve performance.
Mariano discovered the safety upshot land he was using the Disk Utility inward macOS High Sierra to add together a novel encrypted APFS book to a container. When adding a novel volume, he was asked to laid upwardly a password and, optionally, write a hint for it.
So, whenever the novel book is mounted, macOS asks the user to piece of work into the password.
However, Mariano noticed that when he clicked the "Show Hint" button, he was served amongst his actual password inward the patently text rather than the password hint.
You tin run into the demonstration of the occupation inward the below-given video:
This safety upshot is non the alone ane discovered inward Apple's latest desktop operating system.
Just a few hours earlier the free of High Sierra, ex-NSA hacker Patrick Wardle publicly disclosed the details of a dissever critical vulnerability that allows installed apps to pocket passwords as well as hole-and-corner information from the macOS keychain.
The proficient intelligence is that Apple released a supplemental macOS High Sierra 10.13 update on Th to addressed both the issues. Mac users tin install update from the Mac App Store or download it from the Apple's Software site.
It should last noted that simply installing the update would non solve the APFS password disclosure issue. Apple has published a user guide on the password disclosure bug, which you lot should follow to protect your data.
