macOS High Sierra Reveals Encryption Passwords in Plaintext – Recent Version Also Affected

Mar 27, 2018

Apple’s latest macOS High Sierra is once again in the news for another APFS bug. The operating system has seen a number of security problems since its release, and it appears the episode isn’t going to end anytime soon. From giving root access to attackers to exposing passwords in cleartext through the password hint feature, the OS continues to be affected by some major security bugs.

In a recent report, forensics expert Sarah Edwards revealed that macOS High Sierra logs encryption passwords for APFS-formatted external drives in plaintext. This information is stored in on-disk, non-volatile log files. While this bug may not be as simple as the root access issue, it does reveal passwords in plaintext with a simple Terminal command.


“It may not be noticeable at first (apart from the highlighting I’ve added of course), but the text “frogger13” is the password I used on a newly created APFS formatted FileVault Encrypted USB drive with the volume name ‘SEKRET’,” Edwards wrote, explaining the screenshot shared below. “The newfs_apfs command can take a passphrase as a parameter using the mostly undocumented ‘-S’ flag. However when run without parameters, it will show it.”

Latest High Sierra version also appears to be affected by this Mac security bug

Whenever a user creates a new APFS volume with an encryption password, Disk Utility.app logs the password in the unified OS log. The bug works on even the latest version of macOS High Sierra and affects versions from 10.13 to the recent 10.13.3. However, it needs to be exploited in different ways on different versions. “This is still vulnerable on current versions of macOS 10.13.3 when encrypting an ALREADY EXISTING unencrypted APFS volume (versus, creating a NEW volume),” she wrote.

If exploited, it could allow an attacker to get access to the encryption password of encrypted APFS external volumes, including hard drives and USB drives.
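A defender-side check for the logging behaviour described above, as an added example that is not from Edwards's post or this article: it scans exported log text for `newfs_apfs` invocations carrying `-S` and masks the passphrase so the lines can be shared during triage. The log line layout, the `disk2s2`-style device names and the function names are assumptions; the sample lines are constructed.

```python
import shlex

MASK = "REDACTED"

# Constructed sample lines; the timestamp/process layout is an assumption,
# not the exact unified log format.
SAMPLE_LOG = [
    "2018-03-24 10:01:02 Disk Utility: newfs_apfs -S frogger13 -v SEKRET disk2s2",
    "2018-03-24 10:05:40 Disk Utility: newfs_apfs -v PLAIN disk3s1",
    "2018-03-24 10:09:11 Disk Utility: newfs_apfs -S 'two words' -v SEKRET disk2s2",
    "2018-03-24 10:12:00 kernel: unrelated message mentioning -S flag",
]

def redact_newfs_passphrase(line):
    """Return (exposed, safe_line); exposed is True if -S carried a value."""
    idx = line.find("newfs_apfs")
    if idx == -1:
        return False, line
    prefix, command = line[:idx], line[idx:]
    try:
        tokens = shlex.split(command)   # honours quoted passphrases
    except ValueError:                  # unbalanced quote in the logged text
        tokens = command.split()
    exposed, out, i = False, [], 0
    while i < len(tokens):
        out.append(tokens[i])
        # Mask the argument that follows -S; a trailing -S has no value.
        if tokens[i] == "-S" and i + 1 < len(tokens):
            out.append(MASK)
            exposed = True
            i += 1
        i += 1
    return exposed, prefix + " ".join(shlex.quote(t) for t in out)

def scan(lines):
    """Return [(line_number, redacted_line)] for lines that exposed a passphrase."""
    findings = []
    for number, line in enumerate(lines, 1):
        exposed, safe = redact_newfs_passphrase(line)
        if exposed:
            findings.append((number, safe))
    return findings

if __name__ == "__main__":
    for number, safe in scan(SAMPLE_LOG):
        print(f"line {number}: passphrase was logged -> {safe}")
```

Any volume flagged this way should have its passphrase changed, since the original value remains in the on-disk logs.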

It should be noted that this latest Mac security bug affects only those who own external storage devices and use APFS formatting. While that ensures that not everyone is affected, it does add to the list of several bugs reported in the OS so far. Here’s a video showing how the bug works on two different versions. For more technical details, head over to the original post.
