Apple Releases macOS High Sierra 10.13 Supplemental Update With Fix for APFS Disk Utility Bug and Keychain Vulnerability

[Compote]

Apple with the quickness!!!!

Zzzapple.

 

[Analog Kid]

If they only just found about the Disk Utility bug then this was very fast, so well done to them on that.

The fix for existing users is a bit painful though... Hopefully not many were affected.

 

[nt5672]

At least Apple has been responsive, as the APFS vulnerability was just revealed within the past day.

Too bad they did not identify and fix before release. These are pretty serious issues and they just let them go to users. That must make one proud and happy to be an Apple fan. What in the world makes you thing that Apple did not know about these issues for months. Ah, I forgot, millions in marketing spend.

 

[bytethese]

What if you did not update to High Sierra yet? I'd rather not have to backup, update, backup, wipe, reformat, restore, etc. If I go straight to High Sierra, is the supplemental update included?

 

[Michaelgtrusa]

Shocked at how fast this was.

 

[phillytim]

I don't yet have APFS as my Mac has only a single HDD. But this re-iterates why I am glad to not yet feel needy in having such a fresh new file system.

 

[tmoney468]

Is this different than the 10.13.1 Beta (17B25c)? I installed that because I had so many issues with High Sierra and it doesn't seem much better. I've had multiple freezes and weird behavior.

 

[brianvictor7]

Good on Apple for being responsive to this. Now I trust they review their QA process to ensure simple failures like this don't happen again.

 

[Rogifan]

Too bad they did not identify and fix before release. These are pretty serious issues and they just let them go to users. That must make one proud and happy to be an Apple fan. What in the world makes you thing that Apple did not know about these issues for months. Ah, I forgot, millions in marketing spend.

Right Apple knew about this vulnerability (one that they apparently fixed within a couple days) but shipped anyway because marketing.

 

[Amazing Iceman]

Interesting, Apple gave credit to the people who found the vulnerabilities.

https://support.apple.com/en-us/HT208165

 

[Xavier]

Yes, they fixed the Indesign bug. Thanks for the help Adobe!

 

[chrfr]

Interesting, Apple gave credit to the people who found the vulnerabilities.

https://support.apple.com/en-us/HT208165

They've been doing that for several years.

 

[mrzz]

Someone will complain about having to install updates. They'd rather have Microsoft which would wait to patch a security issue because it's not part of their update release schedule. There were a number complaining of recent iOS updates in this way.

That's exactly what Apple does, waiting for a regular FP release date, not M$. This was an exception because of seriousness of the issue.

 

[ApfelKuchen]

I'd rather not erase my volumes. Wouldn't it suffice to clear the stored password hint using the diskutil command line utility?

The support article explains why the erase is recommended: https://support.apple.com/HT208168

 

[bbfc]

Is this different than the 10.13.1 Beta (17B25c)? I installed that because I had so many issues with High Sierra and it doesn't seem much better. I've had multiple freezes and weird behavior.

I presume so. Maybe this fix will be included in the next beta. I haven’t checked for updates yet though.

 

[rotlex]

What if you did not update to High Sierra yet? I'd rather not have to backup, update, backup, wipe, reformat, restore, etc. If I go straight to High Sierra, is the supplemental update included?

Good question. Still waiting to update and won't for probably a while yet.

 

[jbachandouris]

I presume so. Maybe this fix will be included in the next beta. I haven’t checked for updates yet though.

I have 10.13.1 installed and it's not available for me, so maybe it is in the beta already,

 

[tkermit]

The support article explains why the erase is recommended: https://support.apple.com/HT208168

I'm not sure it does. Are you referring to the following paragraph?

Changing the password on an affected volume clears the hint but doesn’t affect the underlying encryption keys that protect the data.

I'm not sure what that has to do with anything or why that would be an issue as long as the password itself is made inaccessible by clearing the password hint – unless it was also stored somewhere else or Apple is worried about it having leaked in some other way?

 

[upandown]

2012 rMBP here. Not sure if it's anything but after updating the supplemental update, my Mac seems to be running smoother. Especially the animations. Which were a bit 'stuttery' after a clean USB install of 10.13.

 

[bbfc]

I have 10.13.1 installed and it's not available for me, so maybe it is in the beta already,

I doubt it. Maybe though.

 

[jonnysods]

A fast patch and an appreciated one.

Looking forward to some real hardcore patches too. A bit buggier than I was expecting on my 2016 tbmbp

 

[ApfelKuchen]

What if you did not update to High Sierra yet? I'd rather not have to backup, update, backup, wipe, reformat, restore, etc. If I go straight to High Sierra, is the supplemental update included?

Per Apple's release document https://support.apple.com/HT208165

New downloads of macOS High Sierra 10.13 include the security content of the macOS High Sierra 10.13 Supplemental Update.

 

[PBG4 Dude]

I presume so. Maybe this fix will be included in the next beta. I haven’t checked for updates yet though.

No update shows for me currently on beta 1.

 

[upandown]

Just to be clear, this only affects 'additional' APFS Encrypted Volumes? Not the main OS Volume? (Encrypted or not)

 

[ApfelKuchen]

I'm not sure it does. Are you referring to the following paragraph?



I'm not sure what that has to do with anything or why that would be an issue as long as the password itself is made inaccessible by clearing the password hint – unless it was also stored somewhere else or Apple is worried about it having leaked in some other way?

I think it's that last part - removing the hint prevents someone from stumbling across the password in the future, but doesn't address the period that preceded the removal of the hint.

There's always the question of "How secure is secure?" Deleting the hint may be all that's necessary for your needs, but for other users, it may not. Apple's recommendation is a pain, but it's prudent - if the volume was created with a flawed methodology, go back to square one.