Published: Fri, October 06, 2017
Sci-tech | By Carrie Guzman

MacOS High Sierra bug reveals passwords in plain text, no hacking required

Then, he clicked the "Show Hint" button, which revealed the full password in plain text rather than the hint.

Mariano used the macOS Disk Utility to create a new encrypted APFS storage volume and password-protected it. "This was addressed by requiring the user password when prompting for keychain access", Apple says in the release notes for the update.

To update, open the Mac App Store and navigate to the Updates tab on a machine running macOS High Sierra.

Ironically, users who haven't specified a password hint are probably unaffected.

Mariano reported the vulnerability to Apple and apparently it was serious enough for Jobs' Mob to release a macOS High Sierra 10.13 Supplemental Update.

Apple noted that a user can change their password, which will clear the hint without affecting the underlying encryption keys that protect the data, but advised instead that users download the latest update to macOS in order to secure their devices. The other reportedly fixed security issue involved an application that had the ability to extract passwords from the keychain. That flaw could be exploited by malicious third-party apps that have access to plaintext Keychain data.

Apple released an update for macOS High Sierra on October 5, patching two critical vulnerabilities in the new operating system. "My goal of posting the video was to raise awareness of the fact that High Sierra was shipped with an exploitable vulnerability - so we can all take necessary precautions".

When the download finished, and the Mac needed to reboot to start the install, all I got was a grey circle with a line through it.

