New MacOS Bug Reveals Passwords: What to Do

Apple's new desktop operating system, macOS 10.13 High Sierra, has a problem that could reveal passwords to would-be hackers.


Software developer Matheus Mariano claims to have discovered a bug in the Disk Utility function built inside macOS High Sierra that reveals passwords in plain text to hackers. The hack requires a few steps to complete, but when it's done, hackers have full access to passwords.

According to Mariano, whose discovery was earlier reported on by MacRumors, hackers can go to the operating system's Disk Utility and create a new encrypted Apple File System volume. From there, the hackers need to set a password and hint, and unmount and remount the volume to force the operating system to ask for a password. Upon clicking the "Show Hint" button, Apple's operating system displayed the password in plain text and not the hint.

Of course, the hack is somewhat self-limiting, since it only affects the Disk Utility feature in High Sierra. If hackers try to access your Apple ID password, for instance, the same problem wouldn't occur. It's also worth noting that Mariano believes the flaw affects only Macs with solid-state drives. If you haven't used Disk Utility or don't use a hint, the problem won't come up.


Still, it's a concerning flaw. Too often, users employ the same passwords for different services. If a hacker can obtain one of your passwords, he or she might get access to a host of services just by trying out those credentials on other platforms.

To protect yourself, then, there are some steps to take.

For one, Apple has released a patch that fixes the bug in the macOS High Sierra 10.13 Supplemental Update. If you apply that patch, the flaw is thwarted and you no longer need to worry about Disk Utility. Here are Apple's instructions to make sure the problem is fixed. (The patch also fixes the password-exposing Keychain bug disclosed in late September.)

Additionally, maybe now is a good time to remember that using different passwords for different items is a really good idea. Using the same passwords — and not changing them — is a recipe for major problems. Here's how to create a strong, secure password.


Don Reisinger is CEO and founder of D2 Tech Agency. A communications strategist, consultant, and copywriter, Don has also written for many leading technology and business publications including CNET, Fortune Magazine, The New York Times, Forbes, Computerworld, Digital Trends, TechCrunch and Slashgear. He has also written for Tom's Guide for many years, contributing hundreds of articles on everything from phones to games to streaming and smart home.
