macOS High Sierra has not been available to the public long, but another vulnerability has been discovered in the desktop operating system.
The newest issue for Apple’s desktop OS was discovered by software developer Matheus Mariano. From what he has discovered, the software will expose passwords of Apple File System volumes, which are encrypted. The exposed passwords are displayed as plaint text within the Disk Utility function.
To demonstrate the problem, Mariano recorded himself adding an encrypted AFPS volume to a container, to which he set a password and a hint for that password. Once that was done, he unmounted the container, remounted it, and was subsequently prompted with a prompt to enter his password. When Mariano clicked the “Show Hint” box, the password was displayed in plaint text, rather than offering the hint for the password.
Here is a video showing the vulnerability:
The issue is present in macOS High Sierra due to the fact it has its roots within the Apple File System, which made its debut on that platform. However, this appears to be a bug within Disk Utility itself. Some have already pointed out that High Sierra users that have never used Disk Utility, or those who do not put a hint for their password, will more than likely not run into any issues at all.
As it stands right now, Mariano has reported the issue to Apple, but the company has not officially commented on its discovery just yet. It’s more than likely that the issue will be patched in a forthcoming update to macOS High Sierra.