Apple Releases macOS High Sierra 10.13 Supplemental Update With Fix for APFS Disk Utility Bug and Keychain Vulnerability

Discussion in ' News Discussion' started by MacRumors, Oct 5, 2017.

  1. Williesleg macrumors regular

    Oct 28, 2014
    NY, NY
    What's troubling is that Apple stores your passwords unencrypted or has a way to decrypt them.

    That's inexcusable.

    Normally when you key in a password on any sane operating system, it encrypts what you keyed in with an one-way encryption algorithm. Then it compares the encrypted string vs. what's stored encrypted. That's the way it's supposed to work.

    What this says is that Apple either chooses to ignore that, or doesn't care. Either way, the cat's out of the bag, there's a way for Apple to see or recover your password easily.
  2. J.Dillinger macrumors member

    Sep 3, 2010
    Is anyone else's Sharing preference pane option greyed out after this update?
  3. mwined macrumors member


    Oct 5, 2017
    What is troubling is the inability of some folk to actually read and comprehend the technical details of how a thing works.
    This is an issue with "Disk", and effects those that "added" an encrypted APFS volume with a password hint, using Disk, after installing the release version of High Sierra.
    The password is not "stored" unencrypted, unless you added an encrypted APFS volume using Disk - with a password hint, after installing the release version of High Sierra. Even then it is merely -- at the time of clicking the button to initiate the encryption -- copying a text string that has not yet been encrypted (but hidden by dots) to the Hint field.

    Should the OS have been released without this bug? Yes.
    Did it actually effect you or your boot volume? Not unless you like doing things the hard way.
    If you have added an encrypted APFS volume, install the supplemental update on your boot volume, and follow the instructions to remediate the password in the hints field for that added volume.

    All that said, I'm sure there are some that won't be able to read past the first sentence of my reply before the outrage machine starts typing.
  4. upandown macrumors 6502

    Apr 10, 2017
    I think its about the same? Hard to say
  5. steve333 macrumors 6502a

    Dec 12, 2008
    How come High Sierra is not showing up in App Store updates? I have a 2011 Mini so shouldn't it be asking me to upgrade from Sierra?
  6. jbachandouris macrumors 601


    Aug 18, 2009
    Upstate NY
    Well, 8:30PM EST and the update still not showing in the app store.
    10.13.1 Beta
  7. lkrupp macrumors 6502a

    Jul 24, 2004
    Apple being trashed for releasing a bug fix. Only on MacRumors.
  8. algengler macrumors newbie


    Feb 17, 2010
    Does anyone know if the update is included in the High Sierra download from Apple and if so does it fix any of the install issues that forced many to restore from backup back to Sierra.
  9. MrChurchyard macrumors member

    Sep 22, 2008
    Nah :)
    This is not about the user’s system password not being hashed (or “encrypted” as you call it), this is about passwords stored in the password manager (Keychain). Being able to read the passwords stored in your password manager is pretty much the the point of a password manager like Keychain.
  10. JeffyTheQuik macrumors 68020


    Aug 27, 2014
    Charleston, SC and Everett, WA
    I was thinking back to my Microsoft days, and there would be a work around that said something like:
    "A way to keep others from seeing the password, put a post-it note, or other blocking device on your screen. While this may not help all users, when the testing on the fix comes, we will commandeer your computer, force the fix on you, and if you're not there, reboot your computer without your permission, and you'll lose all the open work on your desktop."
  11. dempson macrumors regular

    Jun 10, 2007
    Wellington, New Zealand
    This supplementary update is only for Macs already running 10.13.0, so it won't show up for Macs running 10.12.6.

    At some point (probably coinciding with the release of 10.13.1 if not sooner) there will be a security update for 10.12.6, which will hopefully include the fix for the keychain issue. The Disk Utility issue doesn't affect 10.12.6 as it was a bug in a new feature introduced in the 10.13 version of Disk Utility (creating an encrypted APFS volume).

    Apple stopped pushing new version notices to older OS versions when High Sierra was released, which also means the "Free Upgrade" banner at the top of the Updates tab in App Store has disappeared. If you want to get High Sierra now, you can do so via the Featured tab in App Store.

    At some point (perhaps 10.13.1), Apple will reactivate the Free Upgrade banner, and those on older OS versions can resume getting annoyed about the pushed notices.

    The supplementary update was included in a new download of the High Sierra installer I got from App Store a few hours ago (the "Install macOS High" version is 13.0.66 instead of 13.0.64, and the system it contains is build 17A405 instead of the original 17A365). Timing of its availability may vary depending on how quickly it gets to each node of the worldwide distributed network of servers.

    No idea about install issues as I haven't encountered them but it does claim to make the installer more robust.
  12. MacGizmo, Oct 5, 2017
    Last edited: Oct 5, 2017

    MacGizmo macrumors 65816


    Apr 27, 2003
    Has anyone running the public beta (17B25c) been able to get this update, or is it supposed to already be included in the beta? I suspect that another public beta update will be coming with this minor update included... but I thought I would ask around here.

    [Update] Sorry, I didn't see earlier posts from people asking the same question, and saying that NO, the patch is NOT included in the public beta. Hopefully Apple releases public beta 2 very soon with this patch included.
  13. jdillings macrumors 68000

    Jun 21, 2015
    I hereby decree today Patch Thursday. Please join me in looking forward to Patch Tuesday and Patch Thursday every week from here on out.
  14. ke-iron macrumors 65816

    Aug 14, 2014
    Ok eff this. I want to know why my brand new 2017 MacBook Pro with Touch Bar running high Sierra, Siri still does not have the new natural voice that my iPhone has. WTH, Apple is really slacking these days.
  15. wbeasley macrumors 6502


    Nov 23, 2007
    Have they fixed the bug where files larger than 2gig can't copy over to an external USB? My movie rips used to work fine in Sierra, no error all the time. Take the external disks offline and use a Windows PC to copy the large files. Grrrrr. (Well at least my old Windows laptop has come in handy for something... hahaha)
  16. tromboneaholic macrumors 65816


    Jun 9, 2004
    Clearwater, FL
    Use your computer.
  17. BenTrovato macrumors 68030


    Jun 29, 2012
    I guess that’s why I asked. The High Sierra upgrade was the first time I couldn’t upgrade the OS with an external monitor. Was wondering if they fixed that. I guess it only works with no dongles or external displays.
  18. tromboneaholic macrumors 65816


    Jun 9, 2004
    Clearwater, FL
    I just copied a 2.3 GB zip.
  19. pat500000 macrumors G3


    Jun 3, 2015
    Maybe if MR start making articles of the things that needs to be fixed, I'm sure Apple people will read those articles that needs to be fixed.
  20. mr_vinjah macrumors newbie

    Apr 28, 2016
    SF, CA
    Just to followup, I the installer was stuck on the black screen with white apple after 2 more hours so I force-shutdown. Upon reboot I was given the login window, then during my user login process (with user avatar and blurred desktop image), it got halfway through then said "completing install". After about 10m I was in the Finder and all seemed ok, except that the update was not actually applied (it seemed) as it showed up in App Store Updates and verified older build number. Will try again tomorrow, but at least I wasn't bricked.
  21. Ritmo macrumors member


    Mar 27, 2009
  22. cult hero macrumors 6502a

    cult hero

    Jun 6, 2005
    People have got to stop calling this an APFS vulnerability. It's not. It was a bug in Disk Utility.

    This bug seems consistent with Disk Utility too, a program that gets worse and less useful with every... single... update. I have started just using the command line tools for managing disks for purposes other than a quick format. Try partitioning a USB flash stick through Disk Utility because... why would anyone want to do that?
    --- Post Merged, Oct 5, 2017 ---
    I'm encrypted with FileVault and did the update while connected to my LG 5K (TB3). No issues here.

    I try to avoid force reboots but... sometimes... ugh.
  23. Jaekae macrumors 6502a

    Dec 4, 2012
    I have same battery length
  24. votdfak macrumors regular


    Mar 15, 2011
    Because iOS 11 is the buggiest **** ever. Never ever had to reboot phone this much.
  25. ItWasNotMe macrumors 6502

    Dec 1, 2012
    Seems to have fixed Yahoo mail, but now my Gmail is broken:(

Share This Page