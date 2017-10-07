Apple has fixed two bugs that exposed user passwords with its latest macOS High Sierra 10.13 Supplemental Update. Apple has fixed two bugs that exposed user passwords with its latest macOS High Sierra 10.13 Supplemental Update.

Apple has fixed two bugs that exposed user passwords with its latest macOS High Sierra 10.13 Supplemental Update. One of the bugs showed the entire password for APFS (Apple File System) encrypted volume when users clicked on password hint (only for people who saved password hints).

According to Naked Security, the bug is in Disk Utility, which saves the entire password of users in password hint. This means, anyone who clicks on ‘Show Hint’ will have access to user passwords. Apparently, people who didn’t save hint for their password are safe.

Apple Support page explains in detail, what affected users must do to safeguard their APFS encrypted volume. The process is a lengthy one. It requires people to first install macOS High Sierra 10.13 Supplemental Update, then create an encrypted backup of the data in their affected encrypted APFS volume, open Disk Utility and select the affected encrypted APFS volume in the sidebar, click Unmount to unmount the volume, and then click on Erase.

Further, people will have to type in a name for the volume in the Name field, Change Format to APFS, then change Format again to APFS (Encrypted), enter a new password.

Apple will them ask users to enter the new password again, provide a hint (optional), click Choose, and then click Erase. Tap on Done when the process is complete. Following these steps, users will have to back up, erase, and restore the encrypted APFS volume.

“If your disk password for any affected encrypted APFS volume is the same as the password that you use for a macOS user account or an internet service, you should change the password of the user account or internet service,” reads Apple support page.

A different bug that lets hackers steal remotely steal all passwords off a system running macOS High Sierra, has also been fixed with Apple’s latest macOS igh Sierra 10.13 Supplemental Update. “That particular issue allowed a malicious attacker to extract all your keychain passwords with an unsigned app,” reports Mashable.

