Categories: Apple

macOS High Sierra gives away your password

54 2

A glaring security mistake has been discovered in Apple’s most recent desktop operating system. It’s not the sort of vulnerability that requires complicated malware or IT knowledge; anyone can learn this exploit in a matter of minutes to steal your password. Here’s how to stop that from happening.

What is the bug?

The vulnerability pertains to sweeping changes in how macOS stores files. In the High Sierra update, the Apple File System (APFS) was introduced to make opening and saving files much faster. As an added bonus, APFS also added advanced features like drive encryption.

However, users who add a second encrypted APFS partition to their computer’s drive aren’t keeping their data safe from prying eyes.

Let’s imagine you want to create a separate storage partition for your work files. The data contains sensitive information so you encrypt the drive and add a password.

If in the course of setting the password you were to provide a password hint, High Sierra will display your password when anyone clicks Show Hint when accessing the drive. You can see how it’s done in this 45-second video.

When anyone can retrieve your password in a matter of seconds, encryption becomes completely pointless.

How to fix this vulnerability

Sadly, the update for encrypted APFS drives requires much more than installing a patch. As such, we do not recommend trying to fix this issue without professional help if your encrypted partition has irreplaceable data. It is a complicated process and could result in data loss.

Apple procedures for fixing the issue if you’ve already encrypted a drive include:

  1. Installing the most recent macOS update
  2. Backing up the encrypted drive
  3. “Unmounting” and erasing the original drive
  4. Creating a new encrypted APFS drive
  5. Entering a new password and password hint
  6. Restoring the backup from Step 2 to the updated partition

Apple’s macOS is a great operating system. It is reliable, secure, and user friendly — but like any piece of software, it’s not perfect. Don’t make the mistake of assuming macOS is safe enough to protect your data without outside help. For help encrypting your drives or securing your Macs, call us today.

You Might Also Be Interested In...

ron.pierce

Leave a Comment
Share
Published by
ron.pierce
Tags: 2017october18apple_aapfsapplebugsencryptionhard drive partitionshigh sierramacosvulnerabilities
6 years ago

Recent Posts

Small Business Cybersecurity: Protect Your Business Like a Pro

Imagine this... You wake up, grab your morning coffee, and check your email. There’s a…

5 days ago

How to Set Up Parental Controls on Your Devices

As children spend more time on devices, ensuring their online safety becomes vital. Parental controls…

6 days ago

The Ultimate Guide for CPAs: Choosing the Right Accounting Practice Software for Your Office

  Are You Making the Right Choice for Your CPA Firm? When was the last…

2 weeks ago

Implementing Screen Time Management Solutions in the Workplace

In today’s digital-first world, screen time is an unavoidable aspect of the modern workplace. Employees…

2 weeks ago

Simple Ways to Limit Screen Time for Your Family

Spending too much time in front of screens can affect how we feel and interact…

2 weeks ago

Preventing Email Phishing Attacks for Small Businesses: Essential Strategies

Every day, people receive emails pretending to be from trusted sources only to discover they…

3 weeks ago