Disk Utility Bug in macOS High Sierra Exposes Passwords of Encrypted APFS Volumes in Plain Text [Updated]

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Oct 5, 2017.

  1. tkermit macrumors 68040

    tkermit

    Joined:
    Feb 20, 2004
    #101
    It seemed to affect only some of my volumes. As a first task I made sure to clear all my password hints. Hopefully this will already suffice. I.e. find out the volume identifier of affected disks, disk3s2 in this case, and run:

    Code:
    diskutil apfs setPassphraseHint disk3s2 -user disk -clear
     
  2. cppguy macrumors 6502

    Joined:
    Apr 6, 2009
    Location:
    SF Bay Area, California
    #102
    It makes me angry when they're not testing absolutely standard scenario like this. They haven't even tried the software once! Not even to see if it works. It's like no QA at all. I understand complex bugs can be missed, but not testing basic features is why I trust Apple less and less every year.
     
  3. belvdr macrumors 603

    Joined:
    Aug 15, 2005
    #103
    A hint for the hint? ;) Encrypting the hint seems excessive; the hint should help the user remember, not help others to decipher.

    It is just a bug in Disk Utility; it doesn't happen when using the Terminal.
    And not an APFS issue either.
     
  4. Jmacca macrumors newbie

    Joined:
    Jan 23, 2009
    #104
    If you create a encrypted image in Disk Utility without a password hint, it works as before. No problems!
     

    Attached Files:

  5. Macula macrumors 6502

    Macula

    Joined:
    Oct 23, 2006
    Location:
    All over the place
    #105
    I'm afraid it's the other way around, Windows hired Apple's ex-.
     
  6. BornAgainMac macrumors 603

    BornAgainMac

    Joined:
    Feb 4, 2004
    Location:
    Florida Resident
    #106
    Somewhere in the world, this may have actually helped someone out that forgot their password.
     
  7. truethug macrumors newbie

    Joined:
    Sep 13, 2012
    #107
    I have seen both of these iOS 11 bugs today on iOS 11.1
     
  8. jclardy macrumors 68040

    jclardy

    Joined:
    Oct 6, 2008
    #108
    Well, that seems like a bug that should've been caught by an automated test.
     
  9. blackcrayon macrumors 68000

    Joined:
    Mar 10, 2003
    #109
    Of course. If you don't create a hint, it has nothing to try to display.

    (I guess it's possible it could've been so broken that it created a hint anyway with your password text :) )
     
  10. ArtOfWarfare, Oct 5, 2017
    Last edited: Oct 10, 2017

    ArtOfWarfare macrumors 604

    ArtOfWarfare

    Joined:
    Nov 26, 2007
    #110
    I'm going to guess this is because there's a function that takes positional arguments instead of named arguments that look something like this:

    Code:
    encrypt(String volume, String hint, String password)
    encrypt(String volume, String password)
    And someone instead called it with

    Code:
    if (hint) {
        encrypt(volume, password, hint);  // The bug is here, should have been hint then password
    else {
        encrypt(volume, password);
    }
    Although... in that case, I'd think you'd have to actually enter your hint to decrypt instead of your password...

    Edit: Somebody decompiled the patch and found the actual bug. You can read their full post here:
    https://cocoaengineering.com/2017/1...ng-macos-high-sierra-supplemental-update/amp/

    But basically the bug is this:
    Code:
    optionsDictionary[kSKAPFSDiskPasswordOption] = password;
    optionsDictionary[kSKAPFSDiskPasswordHintOption] = password;
    Somebody copy and pasted the first line of code and correctly changed the key being set, but not the value being set.

    I'd say the issue is that they're working in a crappy, extraordinarily verbose language. I consider copy and paste when programming to be a sin. There's some abstraction that is being left out.

    Credit to rshrugged for sharing that blog post with me here:
    https://forums.macrumors.com/thread...ain-text-updated.2075405/page-7#post-25197367
     
  11. jonnysods macrumors 603

    jonnysods

    Joined:
    Sep 20, 2006
    Location:
    There & Back Again
    #111
    I have to say that's a pretty strong hint. Shouldn't be too hard to remember your password when its there plain as day...!
     
  12. ApfelKuchen, Oct 5, 2017
    Last edited by a moderator: Oct 5, 2017

    ApfelKuchen macrumors 68030

    Joined:
    Aug 28, 2012
    Location:
    Between the coasts
    #112
    I also see all the usual critics here, to tell us that it's the end of the world.

    I know, there's a tendency for people to want to live within the bubble of a single viewpoint. It's very comforting to have the illusion that you're part of a huge majority. However, if we're to have something resembling a free society, there has to be something more than a single point of view. We need to be exposed to different viewpoints.
     
  13. Soba macrumors member

    Soba

    Joined:
    May 28, 2003
    Location:
    Pittsburgh, PA
    #113
    I do not understand why they launch everything all at one time. It's not only excessive and unnecessary, but they would probably net more publicity if they spaced things out.

    After the very public MobileMe launch failure in 2008, Steve Jobs angrily chewed out the team, but later issued a mea culpa.

    "'It was a mistake to launch MobileMe at the same time as iPhone 3G, iPhone 2.0 software and the App Store,' Jobs writes in an email to Apple employees. 'We all had more than enough to do, and MobileMe could have been delayed without consequence.'"

    https://www.cultofmac.com/495868/today-in-apple-history-steve-jobs-acknowledges-mobileme-failure/

    "We all had more than enough to do." Trying to polish and debug two highly complex OSes while prepping multiple hardware launches is insane.
     
  14. adrianlondon macrumors 6502a

    Joined:
    Nov 28, 2013
    Location:
    Switzerland
    #114
    And if one did still forget, just watch your youtube video of it being set!
     
  15. JosephAW macrumors 65816

    JosephAW

    Joined:
    May 14, 2012
    #115
    Apple calls this "A Feature!"
    I wonder if this exists in iOS 11?
    Shhhhh, don't let the govmnt know about this.
     
  16. Amazing Iceman macrumors 68040

    Amazing Iceman

    Joined:
    Nov 8, 2008
    Location:
    Florida, U.S.A.
    #116
    QA Engineers? It's us!
     
  17. weup togo macrumors regular

    Joined:
    May 6, 2016
    #117
    You have obviously never been involved in professional QA. This is precisely the sort of scenario that proper QA would map out. A bug like this is far more likely to be found by a QA guy than a Security Expert, because it's just straight workflow and expected vs. actual results.
     
  18. sbailey4, Oct 5, 2017
    Last edited: Oct 5, 2017

    sbailey4 macrumors 68030

    sbailey4

    Joined:
    Dec 5, 2011
    Location:
    USA
    #118
    You assume it was not reported rather than Apple just simply didn't address it yet? Same with iOS 11.0. Issues reported multiple times from beta 1-10 and same issues still exist in 11.0 release, 11.0.1, 11.0.2 and 11.1 beta 1.
     
  19. SoyCapitanSoyCapitan macrumors 68040

    SoyCapitanSoyCapitan

    Joined:
    Jul 4, 2015
    #119
    Incredible how billions of dollars and years of development results in this
     
  20. gweedo macrumors member

    gweedo

    Joined:
    Jul 23, 2002
    Location:
    TX
    #120
    I wonder if any of this is tied to rewriting applications and utilities to use swift? That is not a small change, and effectively starts over the entire testing/debugging process for an app.
     
  21. weup togo macrumors regular

    Joined:
    May 6, 2016
    #121
    Two reasons:
    1) There are always a ton of Major security issues resolved in common code across both OSes. Releasing at different times would involve either qualifying what are often signficant architectural changes for both 10.12 and a later 10.13, or else permitting a patch gap where attackers reverse-engineer the fixes in iOS to craft exploits against macOS.

    2) There are frequently cross-platform features like iCloud and AirDrop that require lock-step changes, often in server-side components. There have been releases in the past where certain features DID NOT WORK on all of your devices until you had updated every one of them to the new major update.

    The second is sometimes an issue depending on the OS feature set. The first is always an issue for every single release. These are not easy choices.
     
  22. kemal macrumors 6502a

    kemal

    Joined:
    Dec 21, 2001
    Location:
    Nebraska
    #122
    It's not the mistake but how you deal with it. This time it IS the mistake. The fik should be out in minutes, too.
     
  23. MrGuder macrumors 68020

    Joined:
    Nov 30, 2012
    #123
    I won't be upgrading until I hear less and less of these High Sierra critical vuneralbilities.
     
  24. randyhudson macrumors regular

    Joined:
    Oct 28, 2007
    Location:
    East Coast
    #124
    Macrumors seems to be using the same QA team as Apple.

    If MR knew even the basics of file system encryption, they would know that encrypted Apple File System volumes do not contain the password, neither in its original form or a form that can be [easily] reverted to the original. All that has happened here is disk utility is storing the password as the hint.

    This is a bug in one application, not a vulnerability in the OS.
     
  25. Applebot1 macrumors 6502

    Joined:
    Jan 4, 2014
    Location:
    UK
    #125
    I agree with all about Quality control especially since it takes Apple forever to release anything.

    You pay a premium for Apple products so expect premium standards.

    Simply not good enough ...Tim
     

Share This Page