macOS Ventura 13.3.1 has a bug preventing the password for encrypted sparse bundles from being changed using
hdiutil. As there’s no alternative method, this has a high impact on those using encrypted sparse bundles, for instance to store Time Machine backups on network shares.
While Disk Utility and third party utilities such as my own free app Spundle offer a GUI for the creation of encrypted sparse bundles, the only way to change their password is using the system command tool
hdiutil, in a command of the form
hdiutil chpass sparsebundle
sparsebundle is the path to the sparse bundle. In this interactive form, the user is first prompted at the command line to enter the current password, then the new password twice, thus
hdiutil chpass /Users/hoakley/Documents/0test1.sparsebundle
Enter password to access "0test1.sparsebundle":
Enter a new password to secure "0test1.sparsebundle":
Re-enter new password:
In Ventura 13.1, this completes without error, and the password is changed as expected. However, in 13.3.1, despite it completing identically and apparently without error, the password is never changed, remaining the same as it was before using the command.
This bug only affects sparse bundles; changing password using the same command on disk images continues to work as expected. This is 100% reproducible on Intel and Apple silicon Macs.
There appears to be no other mechanism provided in macOS or third-party utilities to change passwords on encrypted sparse bundles, so there is no workaround known in 13.3.1.
If macOS 13.1 can be run in a virtual machine (VM), then the same command can be run successfully in the VM, provided that it can be given access to the sparse bundle. This works well using lightweight virtualisation on Apple silicon Macs, but is a long way round this bug.
The bug appears to have been introduced after 13.1, and is present in 13.3.1. As Apple doesn’t provide detailed release notes for macOS, it isn’t clear which update to Ventura introduced this bug. It might have been 13.2, for which a potentially related vulnerability is reported as having been fixed in DiskArbitration.
Sparse bundles are widely used, most commonly to host Time Machine backups on shared volumes. Those relying on the encryption provided by a NAS, for instance, shouldn’t be affected, as those won’t normally be encrypted sparse bundles. All other encrypted sparse bundles hosted on macOS are likely to be affected. As changing the password is an important security feature, and the workaround isn’t simple, this bug has high impact.
I’m very grateful to Simon for drawing my attention to this bug, and for reporting it to Apple, so that it will hopefully be fixed in macOS 13.4.
Thanks to Paolo for confirming that this bug isn’t present in 13.2.1. This makes it most likely that it was introduced in 13.3, or possibly 13.3.1.