Disk Utility Bug in macOS High Sierra Exposes Passwords of Encrypted APFS Volumes in Plain Text [Updated]

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Oct 5, 2017.

  1. tkermit macrumors 68040


    Feb 20, 2004
    It seemed to affect only some of my volumes. As a first task I made sure to clear all my password hints. Hopefully this will already suffice. I.e. find out the volume identifier of affected disks, disk3s2 in this case, and run:

    diskutil apfs setPassphraseHint disk3s2 -user disk -clear
  2. cppguy macrumors 6502

    Apr 6, 2009
    SF Bay Area, California
    It makes me angry when they're not testing absolutely standard scenario like this. They haven't even tried the software once! Not even to see if it works. It's like no QA at all. I understand complex bugs can be missed, but not testing basic features is why I trust Apple less and less every year.
  3. belvdr macrumors 603

    Aug 15, 2005
    A hint for the hint? ;) Encrypting the hint seems excessive; the hint should help the user remember, not help others to decipher.

    It is just a bug in Disk Utility; it doesn't happen when using the Terminal.
    And not an APFS issue either.
  4. Jmacca macrumors newbie

    Jan 23, 2009
    If you create a encrypted image in Disk Utility without a password hint, it works as before. No problems!

    Attached Files:

  5. Macula macrumors 6502


    Oct 23, 2006
    All over the place
    I'm afraid it's the other way around, Windows hired Apple's ex-.
  6. BornAgainMac macrumors 603


    Feb 4, 2004
    Florida Resident
    Somewhere in the world, this may have actually helped someone out that forgot their password.
  7. truethug macrumors newbie

    Sep 13, 2012
    I have seen both of these iOS 11 bugs today on iOS 11.1
  8. jclardy macrumors 68040


    Oct 6, 2008
    Well, that seems like a bug that should've been caught by an automated test.
  9. blackcrayon macrumors 68000

    Mar 10, 2003
    Of course. If you don't create a hint, it has nothing to try to display.

    (I guess it's possible it could've been so broken that it created a hint anyway with your password text :) )
  10. ArtOfWarfare, Oct 5, 2017
    Last edited: Oct 10, 2017

    ArtOfWarfare macrumors G3


    Nov 26, 2007
    I'm going to guess this is because there's a function that takes positional arguments instead of named arguments that look something like this:

    encrypt(String volume, String hint, String password)
    encrypt(String volume, String password)
    And someone instead called it with

    if (hint) {
        encrypt(volume, password, hint);  // The bug is here, should have been hint then password
    else {
        encrypt(volume, password);
    Although... in that case, I'd think you'd have to actually enter your hint to decrypt instead of your password...

    Edit: Somebody decompiled the patch and found the actual bug. You can read their full post here:

    But basically the bug is this:
    optionsDictionary[kSKAPFSDiskPasswordOption] = password;
    optionsDictionary[kSKAPFSDiskPasswordHintOption] = password;
    Somebody copy and pasted the first line of code and correctly changed the key being set, but not the value being set.

    I'd say the issue is that they're working in a crappy, extraordinarily verbose language. I consider copy and paste when programming to be a sin. There's some abstraction that is being left out.

    Credit to rshrugged for sharing that blog post with me here:
  11. jonnysods macrumors 603


    Sep 20, 2006
    There & Back Again
    I have to say that's a pretty strong hint. Shouldn't be too hard to remember your password when its there plain as day...!
  12. ApfelKuchen, Oct 5, 2017
    Last edited by a moderator: Oct 5, 2017

    ApfelKuchen macrumors 68030

    Aug 28, 2012
    Between the coasts
    I also see all the usual critics here, to tell us that it's the end of the world.

    I know, there's a tendency for people to want to live within the bubble of a single viewpoint. It's very comforting to have the illusion that you're part of a huge majority. However, if we're to have something resembling a free society, there has to be something more than a single point of view. We need to be exposed to different viewpoints.
  13. Soba macrumors member


    May 28, 2003
    Rochester, NY
    I do not understand why they launch everything all at one time. It's not only excessive and unnecessary, but they would probably net more publicity if they spaced things out.

    After the very public MobileMe launch failure in 2008, Steve Jobs angrily chewed out the team, but later issued a mea culpa.

    "'It was a mistake to launch MobileMe at the same time as iPhone 3G, iPhone 2.0 software and the App Store,' Jobs writes in an email to Apple employees. 'We all had more than enough to do, and MobileMe could have been delayed without consequence.'"


    "We all had more than enough to do." Trying to polish and debug two highly complex OSes while prepping multiple hardware launches is insane.
  14. adrianlondon macrumors 6502a


    Nov 28, 2013
    And if one did still forget, just watch your youtube video of it being set!
  15. JosephAW macrumors 68000


    May 14, 2012
    Apple calls this "A Feature!"
    I wonder if this exists in iOS 11?
    Shhhhh, don't let the govmnt know about this.
  16. Amazing Iceman macrumors 68040

    Amazing Iceman

    Nov 8, 2008
    Florida, U.S.A.
    QA Engineers? It's us!
  17. weup togo macrumors regular

    May 6, 2016
    You have obviously never been involved in professional QA. This is precisely the sort of scenario that proper QA would map out. A bug like this is far more likely to be found by a QA guy than a Security Expert, because it's just straight workflow and expected vs. actual results.
  18. sbailey4, Oct 5, 2017
    Last edited: Oct 5, 2017

    sbailey4 macrumors 68040


    Dec 5, 2011
    You assume it was not reported rather than Apple just simply didn't address it yet? Same with iOS 11.0. Issues reported multiple times from beta 1-10 and same issues still exist in 11.0 release, 11.0.1, 11.0.2 and 11.1 beta 1.
  19. SoyCapitanSoyCapitan macrumors 68040


    Jul 4, 2015
    Incredible how billions of dollars and years of development results in this
  20. gweedo macrumors member


    Jul 23, 2002
    I wonder if any of this is tied to rewriting applications and utilities to use swift? That is not a small change, and effectively starts over the entire testing/debugging process for an app.
  21. weup togo macrumors regular

    May 6, 2016
    Two reasons:
    1) There are always a ton of Major security issues resolved in common code across both OSes. Releasing at different times would involve either qualifying what are often signficant architectural changes for both 10.12 and a later 10.13, or else permitting a patch gap where attackers reverse-engineer the fixes in iOS to craft exploits against macOS.

    2) There are frequently cross-platform features like iCloud and AirDrop that require lock-step changes, often in server-side components. There have been releases in the past where certain features DID NOT WORK on all of your devices until you had updated every one of them to the new major update.

    The second is sometimes an issue depending on the OS feature set. The first is always an issue for every single release. These are not easy choices.
  22. kemal macrumors 65816


    Dec 21, 2001
    It's not the mistake but how you deal with it. This time it IS the mistake. The fik should be out in minutes, too.
  23. MrGuder macrumors 68020

    Nov 30, 2012
    I won't be upgrading until I hear less and less of these High Sierra critical vuneralbilities.
  24. randyhudson macrumors regular

    Oct 28, 2007
    East Coast
    Macrumors seems to be using the same QA team as Apple.

    If MR knew even the basics of file system encryption, they would know that encrypted Apple File System volumes do not contain the password, neither in its original form or a form that can be [easily] reverted to the original. All that has happened here is disk utility is storing the password as the hint.

    This is a bug in one application, not a vulnerability in the OS.
  25. Applebot1 macrumors 6502a

    Jan 4, 2014
    I agree with all about Quality control especially since it takes Apple forever to release anything.

    You pay a premium for Apple products so expect premium standards.

    Simply not good enough ...Tim

Share This Page