Apple fixes the security flaw of ssd encrypted in apfs in macos high sierra

Yesterday afternoon, and just a week after its official release, Apple released a companion update to macOS High Sierra that ends a security flaw affecting SSDs that had been encrypted under the new APFS file system. (Apple Fyle System).

Security returns to macOS High Sierra

This new version of macOS High Sierra is free for all users and is available through the usual update mechanism in the Mac App Store. This update addresses a software vulnerability that could expose passwords for volumes that have been encrypted under the new APFS system built into High Sierra.

The security flaw was discovered by the developer Matheus Mariano and, as we can see in the following video, when requesting the password hint in case of forgetting, what the system does is show the password itself, instead of the track, thus exposing the user's safety. As we say, this problem only affects those volumes that have been encrypted through Disk Utility already with the new APFS system and in plain text.

Apple has released a document in conjunction with this companion update that guides users through the process of protecting their data in the event that macOS High Sierra is displaying the password instead of a password hint on an encrypted APFS volume.

This procedure includes installing the new update, creating an encrypted backup for the affected volume, wiping the drive, reformatting to APFS (encryption), and finally restoring the data that was backed up.

A separate security document from the previous one notes that the update also addresses a vulnerability that could allow a hacker to steal usernames and passwords for accounts stored on the Keychain using a third-party application.