macOS High Sierra Logs Encryption Passwords in Plaintext for APFS External Drives

Catalin Cimpanu, writing for BleepingComputer: macOS High Sierra users are once again impacted by a major APFS bug after two other major vulnerabilities affected Apple's new filesystem format in the last five months. This time around, according to a report from Mac forensics expert Sarah Edwards, recent versions of macOS High Sierra are logging encryption passwords for APFS-formatted external drives in plaintext, and storing this information in non-volatile (on-disk) log files.

The issue, if exploited, could allow an attacker easy access to the encryption password of encrypted APFS external volumes, such as USB thumb drives, portable hard drives, and other external storage mediums. This bug goes against all well-established Apple development and security rules, according to which apps and utilities should use the Keychain app to store valuable information, and should definitely avoid storing passwords in cleartext. Video 1, and 2.

How to update?

[twistedcubic]

Will a security update shred the logs? I wonder how they're going to fix this.

Re:How to update?

[Anonymous Coward]

It was already fixed in 10.13.2 released December 2017. The person that reported the problem was using the original High Sierra release 10.13.0. She had other people tell her it was fixed in 10.13.2 and 10.13.3.

Shit for brains runs deep here at Slashdot.

Re:

[Anonymous Coward]

The built quality of macs is good, let's not get extreme. Over priced, it depends on the mac (and whether or not you're entitled to discounts), awful software, indeed. But they're actually good computers to install arch in them :o)

Does this seem only to me or...

[Suren Enfiajyan]

Apple is really having the most childish bugs in the last few years?

Re:

[ITapeFatCashews]

The entire company is having quality control issues. Even the marketing department.

Apple fixes buggy iPhone X ad before fixing the actual iOS 11 bug
https://www.theverge.com/2018/3/23/17155756/apple-ios-11-bug-iphone-x-ad [theverge.com]

Re:

[Bing Tsher E]

Don't look now, but the real obsessive is the one making numbered lists on Slashdot.

Re:

[Bing Tsher E]

I have actively avoided being diagnosed. It's an important freedom that more people should exercise.

It's LINUX's fault.

[Anonymous Coward]

Apple copied stupid command line Linux and that's why they have all of these bugs! If they copied Windows instead, at least we'd be able to play games!

Re:

[Suren Enfiajyan]

This has nothing to to with Linux/Unix or command line. It's because Mac OS works only (well) on Apple hardware. FreeBSD based Orbis OS which is used in PS4 is actually a descent gaming OS.

Re:

[Suren Enfiajyan]

a descent gaming OS.

Oh, sorry, I meant decent.

Re:

[Anonymous Coward]

Courageous bugs!

FTFY

Re: Does this seem only to me or...

[Anonymous Coward]

Huh?

SMB never worked in 10.4 properly in 10.3-10.4 config files often got corrupt,iPod nanos screens often cracked, antennagate, the touchpad on the last gen of powerbooks,mighty mouse right click, power cables which always break,minor updates constantly breaking audio drivers back in the days.

Seriously, QA has always been really bad. The only difference is that people ignored the issues back then. That's only a short list.

Re:

[Gr8Apes]

What's worse is the the overall stability and reliability of macOS has gone down hill. I have to reboot or recover from hung core processes or even the window server about once a week now. I used to go weeks, sometimes months, between reboots, not any more.

I agree quality has gone downhill since Jobs' death, but it went downhill somewhat prior to that as well. iOS 9 and 10.7 were both under Jobs and were the start of GCD. While GCD solves a specific problem, converting the entire OS to it has proven to be a great source for all sorts of bugs. Even so I'm running multiple 10.10-10.12 systems and they're nice and stable for months. Not sure what you're doing, but even running multiple VMs hasn't affected the stability at all.

Re:

[AHuxley]

The NSA and what followed PRISM cant be doing hours of crypto on every Mac they encounter in the wild.
Features like this ensure the security services can work in real time on all big brand US products.
Junk crypto in the hands of trusting users has been the NSA's pathway to winning for decades.

Re:

[AHuxley]

They should have used BeOS.

Re:

[antdude]

Apple is being like Microsoft and many other companies. Really bad or worse lack of QA. :(

High Sierra - It just doesn't work

[sandbagger]

And where is my new Mac Pro tower?

Re:

[Bing Tsher E]

My Quadra 650 is the desktop version, but you can stand it on end and pretend it's the minitower version.

Re:

[TheFakeTimCook]

And where is my new Mac Pro tower?

Apple said "Modular". They never said "Tower".

Re: Security Experts

[Midnight Thunder]

Security experts have the job of breaking things. Most other people have deliverables, so iterative QA misses this. The ideal situation is having your own internal team trying to break any product when ever they please. Maybe Apple already has a security team dâ(TM)oà g exactly this?

Apple, please hire me

[Snotnose]

I'm a drunk that's been fired a few times for sexual harassment and spent time in jail for corporate espionage. But I promise you I won't write your supra sekrit keyz to a log file in plaintext.

FFS.

Good idea!

[AndyKron]

Good for Apple for doing that. It might come in handy if someone wants a password for something. Disclaimer: I do not own any Apple products.

It's a feature

[viperidaenz]

Incase you forget your password, you can find it again so you don't lose your encrypted data!

Good grief, Apple

[93 Escort Wagon]

I used to joke that all the good coders have left Apple... but maybe it's not a joke after all.

Re:

[AHuxley]

Its hard to have all the resulting meetings with the CIA, NSA, FBI and DEA about why their collection stopped.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[campuscodi]

Not as bad as Facebook's