Disk Utility Bug in macOS High Sierra Exposes Passwords of Encrypted APFS Volumes in Plain Text [Updated]

Surprised this happened, but given that it did, not surprised Disk Utility is the culprit. Whoever redid it in El Capitan majorly ruined it. I can't even mount or repartition drives properly. Reproducible bugs all over. I've resorted to command line utils and hacking the old DU to work on Sierra because I can't trust such a pile of crap when I'm managing my disks.

 

https://forums.macrumors.com/thread...e-with-fix-for-apfs-disk-utility-bug.2075452/

Excellent.

 

Wait, what? Everyone who sets a hint on an AFPS volume created in Disk Utility is screwed. Most people use DU. IDK if the macOS installer uses it when you convert your HFS volume to AFPS; does it? If so, that's even worse.

--- Post Merged, Oct 5, 2017 ---

It's a lot harder when most of the src isn't available. Can't rely on users to find these things, especially when they're critical to security.

 

I get your point about Google, and that's a pretty serious example. OTOH, it wasn't a programming mistake, but rather Google making a poor policy decision. I'm not a fan of some of Google's policies, but there's a distinction here. Apple, in their software, intended to do one thing (provide secure storage), but instead did the exact opposite (completely defeated the security). In Google's case, they intended to do something with their software, and they did it.

I feel like Apple is much more likely to accidentally release all my personal information, and Google is much more likely to make a policy decision that hurts aspects of my privacy.

 

You're mounting it wrong.....

That's what she said.

 

The bug has nothing to do with mounting. Disk Utility sets the hint to the password when you create it. That's it. And regardless, the testers should try mounting disks, don't you think?!

 

Oh to be a fly on the wall in Steve Jobs's office if this bug had made a final OS X release during his reign.

 

The article is misleading. They should clarify that the bug is at the time of creating the volume. It simply sets the hint to the password itself. It's not an encryption bug.

 

A password hint isn't a hint if you need a password to get the hint. (But, oh, the possibilities: password hint hints?) The hint could still be encrypted somehow; I'm not sure how they're stored. But that's really irrelevant here. If encrypted, it has to be reversible so the hint can be displayed, and that could very well be exactly what is happening here. It's just that a Disk Utility bug caused the hint, if set, to be ignored and set to the password itself.

 

Marketing is dictating timescales that are just not realistic for development to hit and maintain quality. This has to stop. Each year we keep getting buggy Os drops

 

I don't challenge what you've said, but an argument can be made that the current approach of simultaneously releasing two OSes plus multiple hardware products is not yielding good results. Apple software has taken a noticeable dip in quality in the last 5 years or so, which has caught the attention of more than a few tech journalists. (And users!)

Perhaps the old way of spacing things out would no longer work, given the complexity and interrelated-ness of the two platforms, which only increases with every release. Perhaps more time between major releases to get things fully baked would be helpful, and would avoid debacles such as the discoveryd mess in Yosemite. Prior to Lion, most OS X releases weren't extremely stable in a broad swath of circumstances until 10.x.4 or 10.x.5, give or take. These days, that's the point where we're about to jump to another major release altogether and we never fully achieve a state of rock-solid stability and reliability.

Perhaps they should dispense with major version updates altogether for macOS (in some ways, they're an obsolete concept) and just have a regular cadence of system updates such as the semi-annual rollouts with Windows 10.

I don't claim to have the answer, but I am of the opinion that customer experience has measurably deteriorated and Apple needs to do better. Windows is pretty solid these days and macOS no longer looks so obviously superior as it did in the XP and Vista era.

 

LOL. The real beta process begins when the GM build has been released to the public. We won't see the "final build" until point release 2 and up.

 

Same here.
First time I am holding off a Mac OS update for my main machine.
Will be waiting for macOS 10.13.2.

 

This update seems to enable backlighting on the keyboard upon boot on my macbook pro 2017 model. Others notice the same?

 

They were in the Sierra and were high.

 

LOL @ Apple lately. I was a die hard Apple user... not I cant help but hate them more and more; and the unfortunate thing, they are still better than Google/Android.

Sad.

 

Already patched. We can stop crying about something at 99.9% of people here would never have used anyways and is now taken care of.

 

ok.. Apple fixed this one. I initially got shocked by this when i mis-read and thought due to this update Apple would be forcing customers to re-encypt their drives, which means backup as well.. lol

phew.... !

 

I don’t think the issues affects my machine but updated it anyways.

 

The quality dip isn't caused by simultaneous release. It's caused by a decline in Apple's interest in quality. They pay lip service to it, but the results speak for themselves. Apple has effectively infinite resources. The mythical man month does not apply to testing. They choose not to hire the right people with the right focus, and they make the wrong decisions about bug priorities.

 

You can't make up stuff like this, its a bad joke.

 

Now how about an update for Sierra, for those of us smart enough NOT to update to the first iteration of a macOS?

 

The important point... is that if I'm reading this all correctly... it's a bug in Disk Utility in that release. So, once patched it should be OK again, and/or someone using the broken version of Disk Utility couldn't install it on your machine and get your password. It's a bug in the creation process of a new disc image... it doesn't uncover the password for images created in previous versions of disk utility. Right?

 

They do: beta testers.

--- Post Merged, Oct 5, 2017 ---

That's not even smart...wait till later update?

 

how do i know if i have to do that backup process?