Apple Releases macOS High Sierra 10.13 Supplemental Update With Fix for APFS Disk Utility Bug and Keychain Vulnerability

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Oct 5, 2017.

  1. Williesleg macrumors member

    Joined:
    Oct 28, 2014
    Location:
    NY, NY
    #151
    What's troubling is that Apple stores your passwords unencrypted or has a way to decrypt them.

    That's inexcusable.

    Normally when you key in a password on any sane operating system, it encrypts what you keyed in with an one-way encryption algorithm. Then it compares the encrypted string vs. what's stored encrypted. That's the way it's supposed to work.

    What this says is that Apple either chooses to ignore that, or doesn't care. Either way, the cat's out of the bag, there's a way for Apple to see or recover your password easily.
     
  2. J.Dillinger macrumors member

    Joined:
    Sep 3, 2010
    #152
    Is anyone else's Sharing preference pane option greyed out after this update?
     
  3. mwined macrumors newbie

    mwined

    Joined:
    Oct 5, 2017
    #153
    What is troubling is the inability of some folk to actually read and comprehend the technical details of how a thing works.
    This is an issue with "Disk Utility.app", and effects those that "added" an encrypted APFS volume with a password hint, using Disk Utility.app, after installing the release version of High Sierra.
    The password is not "stored" unencrypted, unless you added an encrypted APFS volume using Disk Utility.app - with a password hint, after installing the release version of High Sierra. Even then it is merely -- at the time of clicking the button to initiate the encryption -- copying a text string that has not yet been encrypted (but hidden by dots) to the Hint field.

    Should the OS have been released without this bug? Yes.
    Did it actually effect you or your boot volume? Not unless you like doing things the hard way.
    If you have added an encrypted APFS volume, install the supplemental update on your boot volume, and follow the instructions to remediate the password in the hints field for that added volume.

    All that said, I'm sure there are some that won't be able to read past the first sentence of my reply before the outrage machine starts typing.
     
  4. upandown macrumors regular

    Joined:
    Apr 10, 2017
    #154
    I think its about the same? Hard to say
     
  5. steve333 macrumors 6502a

    Joined:
    Dec 12, 2008
    #155
    How come High Sierra is not showing up in App Store updates? I have a 2011 Mini so shouldn't it be asking me to upgrade from Sierra?
     
  6. jbachandouris macrumors 601

    jbachandouris

    Joined:
    Aug 18, 2009
    Location:
    Upstate NY
    #156
    Well, 8:30PM EST and the update still not showing in the app store.
    10.13.1 Beta
     
  7. lkrupp Suspended

    Joined:
    Jul 24, 2004
    #157
    Apple being trashed for releasing a bug fix. Only on MacRumors.
     
  8. algengler macrumors newbie

    algengler

    Joined:
    Feb 17, 2010
    Location:
    tennessee
    #158
    Does anyone know if the update is included in the High Sierra download from Apple and if so does it fix any of the install issues that forced many to restore from backup back to Sierra.
     
  9. MrChurchyard macrumors member

    Joined:
    Sep 22, 2008
    #159
    Nah :)
    This is not about the user’s system password not being hashed (or “encrypted” as you call it), this is about passwords stored in the password manager (Keychain). Being able to read the passwords stored in your password manager is pretty much the the point of a password manager like Keychain.
     
  10. JeffyTheQuik macrumors 68020

    JeffyTheQuik

    Joined:
    Aug 27, 2014
    Location:
    Charleston, SC and Everett, WA
    #160
    I was thinking back to my Microsoft days, and there would be a work around that said something like:
    "A way to keep others from seeing the password, put a post-it note, or other blocking device on your screen. While this may not help all users, when the testing on the fix comes, we will commandeer your computer, force the fix on you, and if you're not there, reboot your computer without your permission, and you'll lose all the open work on your desktop."
     
  11. dempson macrumors regular

    Joined:
    Jun 10, 2007
    Location:
    Wellington, New Zealand
    #161
    This supplementary update is only for Macs already running 10.13.0, so it won't show up for Macs running 10.12.6.

    At some point (probably coinciding with the release of 10.13.1 if not sooner) there will be a security update for 10.12.6, which will hopefully include the fix for the keychain issue. The Disk Utility issue doesn't affect 10.12.6 as it was a bug in a new feature introduced in the 10.13 version of Disk Utility (creating an encrypted APFS volume).

    Apple stopped pushing new version notices to older OS versions when High Sierra was released, which also means the "Free Upgrade" banner at the top of the Updates tab in App Store has disappeared. If you want to get High Sierra now, you can do so via the Featured tab in App Store.

    At some point (perhaps 10.13.1), Apple will reactivate the Free Upgrade banner, and those on older OS versions can resume getting annoyed about the pushed notices.

    The supplementary update was included in a new download of the High Sierra installer I got from App Store a few hours ago (the "Install macOS High Sierra.app" version is 13.0.66 instead of 13.0.64, and the system it contains is build 17A405 instead of the original 17A365). Timing of its availability may vary depending on how quickly it gets to each node of the worldwide distributed network of servers.

    No idea about install issues as I haven't encountered them but it does claim to make the installer more robust.
     
  12. MacGizmo, Oct 5, 2017
    Last edited: Oct 5, 2017

    MacGizmo macrumors 6502a

    MacGizmo

    Joined:
    Apr 27, 2003
    Location:
    Arizona
    #162
    Has anyone running the public beta (17B25c) been able to get this update, or is it supposed to already be included in the beta? I suspect that another public beta update will be coming with this minor update included... but I thought I would ask around here.

    [Update] Sorry, I didn't see earlier posts from people asking the same question, and saying that NO, the patch is NOT included in the public beta. Hopefully Apple releases public beta 2 very soon with this patch included.
     
  13. jdillings macrumors 65816

    Joined:
    Jun 21, 2015
    #163
    I hereby decree today Patch Thursday. Please join me in looking forward to Patch Tuesday and Patch Thursday every week from here on out.
     
  14. ke-iron macrumors 65816

    Joined:
    Aug 14, 2014
    #164
    Ok eff this. I want to know why my brand new 2017 MacBook Pro with Touch Bar running high Sierra, Siri still does not have the new natural voice that my iPhone has. WTH, Apple is really slacking these days.
     
  15. wbeasley macrumors regular

    wbeasley

    Joined:
    Nov 23, 2007
    #165
    Have they fixed the bug where files larger than 2gig can't copy over to an external USB? My movie rips used to work fine in Sierra, no error all the time. Take the external disks offline and use a Windows PC to copy the large files. Grrrrr. (Well at least my old Windows laptop has come in handy for something... hahaha)
     
  16. tromboneaholic macrumors 65816

    tromboneaholic

    Joined:
    Jun 9, 2004
    Location:
    Clearwater, FL
    #166
    Use your computer.
     
  17. BenTrovato macrumors 68020

    BenTrovato

    Joined:
    Jun 29, 2012
    Location:
    Canada
    #167
    I guess that’s why I asked. The High Sierra upgrade was the first time I couldn’t upgrade the OS with an external monitor. Was wondering if they fixed that. I guess it only works with no dongles or external displays.
     
  18. tromboneaholic macrumors 65816

    tromboneaholic

    Joined:
    Jun 9, 2004
    Location:
    Clearwater, FL
    #168
    I just copied a 2.3 GB zip.
     
  19. pat500000 macrumors 604

    pat500000

    Joined:
    Jun 3, 2015
    #169
    Maybe if MR start making articles of the things that needs to be fixed, I'm sure Apple people will read those articles that needs to be fixed.
     
  20. mr_vinjah macrumors newbie

    Joined:
    Apr 28, 2016
    Location:
    SF, CA
    #170
    Just to followup, I the installer was stuck on the black screen with white apple after 2 more hours so I force-shutdown. Upon reboot I was given the login window, then during my user login process (with user avatar and blurred desktop image), it got halfway through then said "completing install". After about 10m I was in the Finder and all seemed ok, except that the update was not actually applied (it seemed) as it showed up in App Store Updates and verified older build number. Will try again tomorrow, but at least I wasn't bricked.
     
  21. Ritmo macrumors member

    Ritmo

    Joined:
    Mar 27, 2009
    Location:
    Finland
    #171
  22. cult hero macrumors 6502a

    cult hero

    Joined:
    Jun 6, 2005
    #172
    People have got to stop calling this an APFS vulnerability. It's not. It was a bug in Disk Utility.

    This bug seems consistent with Disk Utility too, a program that gets worse and less useful with every... single... update. I have started just using the command line tools for managing disks for purposes other than a quick format. Try partitioning a USB flash stick through Disk Utility because... why would anyone want to do that?
    --- Post Merged, Oct 5, 2017 ---
    I'm encrypted with FileVault and did the update while connected to my LG 5K (TB3). No issues here.

    I try to avoid force reboots but... sometimes... ugh.
     
  23. Jaekae macrumors 6502a

    Joined:
    Dec 4, 2012
    #173
    I have same battery length
     
  24. votdfak macrumors regular

    votdfak

    Joined:
    Mar 15, 2011
    #174
    Because iOS 11 is the buggiest **** ever. Never ever had to reboot phone this much.
     
  25. ItWasNotMe macrumors regular

    Joined:
    Dec 1, 2012
    #175
    Seems to have fixed Yahoo mail, but now my Gmail is broken:(
     

Share This Page