Surprised this happened, but given that it did, not surprised Disk Utility is the culprit. Whoever redid it in El Capitan majorly ruined it. I can't even mount or repartition drives properly. Reproducible bugs all over. I've resorted to command line utils and hacking the old DU to work on Sierra because I can't trust such a pile of crap when I'm managing my disks.
 
Something that will impact about 0.1% of Mac users. I wouldn't worry about it too much unless you're using encrypted volumes, mounting them, then unmounting, then mounting them.
Wait, what? Everyone who sets a hint on an APFS volume created in Disk Utility is screwed. Most people use DU. IDK if the macOS installer uses it when you convert your HFS volume to APFS; does it? If so, that's even worse.
This is why having the user community helping beta test software & OS releases is so important. Also glad to see people using their skills to help improve systems rather than exploitation and wreaking havoc.
It's a lot harder when most of the src isn't available. Can't rely on users to find these things, especially when they're critical to security.
 
Yes, some blunder, and serious. But Google have had their share as well. When they launched Google+ many years ago, people were linked together with others without their knowledge, which for some Chinese dissidents meant they became "friends" with their adversaries. Maybe Google did call it something other than G+, but they did it to quickly get over a critical mass so the users would start using it.

I get your point about Google, and that's a pretty serious example. OTOH, it wasn't a programming mistake, but rather Google making a poor policy decision. I'm not a fan of some of Google's policies, but there's a distinction here. Apple, in their software, intended to do one thing (provide secure storage), but instead did the exact opposite (completely defeated the security). In Google's case, they intended to do something with their software, and they did it.

I feel like Apple is much more likely to accidentally release all my personal information, and Google is much more likely to make a policy decision that hurts aspects of my privacy.
 
Exactly this. The reason why this could be missed is because not many would be doing this, and this is not a normal behaviour of an average consumer usage. And for those who mentioned that the QA testers are bad, do you even unmount, mount, unmount then mount your APFS container on a standard basis?
The bug has nothing to do with mounting. Disk Utility sets the hint to the password when you create it. That's it. And regardless, the testers should try mounting disks, don't you think?!
 
Oh to be a fly on the wall in Steve Jobs's office if this bug had made a final OS X release during his reign.
 
While this is easily fixed, the bigger picture is hackers might be able to just archive this version of Disk Utility and use it into perpetuity to unlock any encrypted drive in the future.
The article is misleading. They should clarify that the bug is at the time of creating the volume. It simply sets the hint to the password itself. It's not an encryption bug.
 
More than an disk utility bug. Both the hint and password should be encrypted before being stored with separate keys. This prevents a piece of code from getting the hint in clear text. The key to decrypt the hint should be something else the user has to know.

A password hint isn't a hint if you need a password to get the hint. ;) (But, oh, the possibilities: password hint hints?) The hint could still be encrypted somehow; I'm not sure how they're stored. But that's really irrelevant here. If encrypted, it has to be reversible so the hint can be displayed, and that could very well be exactly what is happening here. It's just that a Disk Utility bug caused the hint, if set, to be ignored and set to the password itself.
 
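The mechanics described in this thread (Disk Utility storing the passphrase itself as the hint at volume creation) suggest a simple self-audit a volume owner can run: compare each volume's hint against the passphrase you set and flag any hint that equals, contains or closely resembles it. The Python below is an added example written for this thread, not code from Apple, Disk Utility or any poster; the volume records are constructed sample data, the passphrases are supplied by the owner running the check rather than read from disk, and the `hint_leaks_password` and `audit_volumes` names are hypothetical. Reading the real hints off the system is left out.

```python
"""Password-hint hygiene check (added example; not from the thread or from Apple).

The Disk Utility bug discussed above stored the passphrase itself as the hint.
This audit compares a volume's hint with the passphrase its owner knows and
flags hints that reveal it outright or nearly so.
"""
from difflib import SequenceMatcher
from typing import Dict, List, Tuple


def hint_leaks_password(hint: str, password: str,
                        ratio_threshold: float = 0.8) -> Tuple[bool, str]:
    """Return (leaks, reason). Comparisons are case-insensitive and whitespace-trimmed."""
    h = hint.strip().lower()
    p = password.strip().lower()
    if not h:
        return False, "no hint set"
    if not p:
        raise ValueError("password must not be empty")
    if h == p:
        return True, "hint equals the password"
    if len(p) >= 4 and p in h:
        return True, "hint contains the password"
    if len(h) >= 4 and h in p:
        return True, "hint is a fragment of the password"
    # Near-miss hints ("Hunter3" for "hunter2") give away almost everything too.
    ratio = SequenceMatcher(None, h, p).ratio()
    if ratio >= ratio_threshold:
        return True, "hint is nearly the password (similarity %.2f)" % ratio
    return False, "ok"


def audit_volumes(volumes: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """Return (volume name, reason) for every volume whose hint leaks its password."""
    findings = []
    for vol in volumes:
        leaks, reason = hint_leaks_password(vol.get("hint", ""), vol["password"])
        if leaks:
            findings.append((vol["name"], reason))
    return findings


# Constructed sample records (not real volumes). The "Archive" entry is what the
# buggy Disk Utility produced: hint identical to the passphrase.
SAMPLE_VOLUMES = [
    {"name": "Archive", "hint": "hunter2",           "password": "hunter2"},
    {"name": "Photos",  "hint": "my favourite xkcd", "password": "correct horse battery staple"},
    {"name": "Backup",  "hint": "it is hunter2 lol", "password": "hunter2"},
    {"name": "Work",    "hint": "Hunter3",           "password": "hunter2"},
    {"name": "Scratch", "hint": "",                  "password": "anything at all"},
]

if __name__ == "__main__":
    for name, reason in audit_volumes(SAMPLE_VOLUMES):
        print(f"{name}: {reason}")
```

Running it against the sample records flags Archive (identical hint), Backup (hint contains the passphrase) and Work (near miss), and leaves Photos and Scratch alone. The similarity threshold is deliberately conservative; a hint that shares most of its characters with the passphrase is worth rewriting even if it is not literally equal.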
Marketing is dictating timescales that are just not realistic for development to hit and maintain quality. This has to stop. Each year we keep getting buggy OS drops.
 
Two reasons:
1) There are always a ton of major security issues resolved in common code across both OSes. Releasing at different times would involve either qualifying what are often significant architectural changes for both 10.12 and a later 10.13, or else permitting a patch gap where attackers reverse-engineer the fixes in iOS to craft exploits against macOS.

2) There are frequently cross-platform features like iCloud and AirDrop that require lock-step changes, often in server-side components. There have been releases in the past where certain features DID NOT WORK on all of your devices until you had updated every one of them to the new major update.

The second is sometimes an issue depending on the OS feature set. The first is always an issue for every single release. These are not easy choices.

I don't challenge what you've said, but an argument can be made that the current approach of simultaneously releasing two OSes plus multiple hardware products is not yielding good results. Apple software has taken a noticeable dip in quality in the last 5 years or so, which has caught the attention of more than a few tech journalists. (And users!)

Perhaps the old way of spacing things out would no longer work, given the complexity and interrelatedness of the two platforms, which only increases with every release. Perhaps more time between major releases to get things fully baked would be helpful, and would avoid debacles such as the discoveryd mess in Yosemite. Prior to Lion, most OS X releases weren't extremely stable in a broad swath of circumstances until 10.x.4 or 10.x.5, give or take. These days, that's the point where we're about to jump to another major release altogether, and we never fully achieve a state of rock-solid stability and reliability.

Perhaps they should dispense with major version updates altogether for macOS (in some ways, they're an obsolete concept) and just have a regular cadence of system updates such as the semi-annual rollouts with Windows 10.

I don't claim to have the answer, but I am of the opinion that customer experience has measurably deteriorated and Apple needs to do better. Windows is pretty solid these days and macOS no longer looks so obviously superior as it did in the XP and Vista era.
 
Yes, there are some HUGE problems with Apple QA these days.

iOS 11 is riddled with obvious bugs. I just got one about 10 minutes ago. Was just deleting a few voicemails (swipe delete) and the Phone App crashed. Then there is a very reproducible Messages bug where the keyboard obscures the last few messages and you can't get to them. Real rinky-dink stuff that should be caught.

I'm starting to think that Apple is relying too much on the Beta process to collect bugs instead of having robust internal QA.
LOL. The real beta process begins when the GM build has been released to the public. We won't see the "final build" until point release 2 and up.
 
LOL @ Apple lately. I was a die-hard Apple user... now I can't help but hate them more and more; and the unfortunate thing is, they are still better than Google/Android.

Sad.
 
Already patched. We can stop crying about something that 99.9% of people here would never have used anyways and is now taken care of.
 
OK.. Apple fixed this one. I initially got shocked by this when I misread and thought that due to this update Apple would be forcing customers to re-encrypt their drives, which means backup as well.. lol

phew.... !
 
I don't challenge what you've said, but an argument can be made that the current approach of simultaneously releasing two OSes plus multiple hardware products is not yielding good results. Apple software has taken a noticeable dip in quality in the last 5 years or so, which has caught the attention of more than a few tech journalists. (And users!)

The quality dip isn't caused by simultaneous release. It's caused by a decline in Apple's interest in quality. They pay lip service to it, but the results speak for themselves. Apple has effectively infinite resources. The mythical man month does not apply to testing. They choose not to hire the right people with the right focus, and they make the wrong decisions about bug priorities.
 
Now how about an update for Sierra, for those of us smart enough NOT to update to the first iteration of a macOS?;)
 
That's a very good point, although I don't know many people using Terminal to create volumes on macOS, so the impact can be large. The problem is Disk Utility is setting the hint to the password itself. It's a bug in Disk Utility, not APFS.

@840quadra : It would be wise to update the article. Here's a link to a tweet showing that creating the APFS-encrypted volume via Terminal is not susceptible to this bug in Disk Utility:

https://twitter.com/felix_schwarz/status/915857500330700801

The important point... is that if I'm reading this all correctly... it's a bug in Disk Utility in that release. So, once patched it should be OK again, and/or someone using the broken version of Disk Utility couldn't install it on your machine and get your password. It's a bug in the creation process of a new disk image... it doesn't uncover the password for images created in previous versions of Disk Utility. Right?
 