Upon mounting the new volume, the user will be asked to enter the password.
Whenever a new APFS volume is added, users are asked to enter a password and, optionally, write a hint for it.
While APFS is described to feature strong encryption and improved file system fundamentals, it was apparently not big on protecting user passwords.ĭeveloper Matheus Mariano found out that the password leakage happens after using the Disk Utility to add a new encrypted APFS volume to the container. When macOS High Sierra is installed on the Mac volume of an SSD or any other all-flash storage device, that volume is automatically converted to APFS. APFS is the default file system in macOS High Sierra for Mac computers with all-flash storage. Users who have installed the latest High Sierra version are advised to patch to prevent potential compromise on their operating systems.Īffecting Macs with a solid-state drive (SSD), High Sierra leaks passwords for encrypted APFS volumes through the password hint.
A developer from Brazil discovered the flaw in High Sierra, which features a new file system called Apple File System (APFS). Apple just released a supplemental update for the recently launched macOS High Sierra 10.13 operating system to address various bug fixes, including a potential vulnerability that leaks a user’s password.
