macOS High Sierra 10.13.4 fixes APFS encryption password disclosure bug

The latest update to High Sierra, bringing it to 10.13.4, does fix the bug discovered by Sarah Edwards when making an APFS encrypted volume in Disk Utility – in both its original form (fixed in 10.13.2) and the form which remained into 10.13.3.

Although erasing a disk and creating an APFS container still result in execve() calls from diskmanagement which enter the full command and parameters into the log in plain text, those do not contain sensitive information such as a passphrase. The call to encrypt an APFS volume, whether freshly created or already existing, doesn’t use that execve() call, and there is no trace of the encryption passphrase in the unified log.

That is a very quick turnaround by Apple, in fixing the remaining bug in less than a week, and reinforces my opinion that this was an oversight of which Apple had been unaware.

Hopefully Apple will soon amend the list of security fixes for the 10.13.4 update to credit Sarah Edwards with reporting this bug, and making it explicit that it is now fixed.

2Comments

Add yours

1

Michael Tsai - Blog - macOS 10.13.4 on March 31, 2018 at 1:21 am

[…] Howard Oakley: […]

LikeLike
2

Week 13 – 2018 – This Week In 4n6 on March 31, 2018 at 2:36 am

[…] file (which isn’t cleared until a major os update). This may have been fixed in the recent update. OMG, Seriously? – APFS Encrypted Plaintext Password found in ANOTHER (More Persistent!) […]

LikeLike

Share this:

Like this:

Related