New MacOS Bug Reveals Passwords: What to Do
MacOS 10.13 High Sierra has a bug that displays passwords instead of password hints, giving anyone access to encrypted drives.
Apple's new desktop operating system. macOS 10.13 High Sierra. has a problem that could reveal passwords to would-be hackers.
Software developer Matheus Mariano claims to have discovered a bug in the Disk Utility function built inside macOS High Sierra that reveals passwords in plain text to hackers. The hack requires a few steps to complete, but when it's done, hackers have full access to passwords.
According to Mariano, whose discovery was earlier reported on by MacRumors, hackers can go to the operating system's Disk Utility and create a new encrypted Apple File System volume. From there, the hackers need to set a password and hint, and unmount and remount the volume to force the operating system to ask for a password. Upon clicking the "Show Hint" button, Apple's operating system displayed the password in plain text and not the hint.
Of course, the hack is somewhat self-limiting, since it only affects the Disk Utility feature in High Sierra. If hackers try to access your Apple ID password, for instance, the same problem wouldn't occur. It's also worth noting that Mariano believes the flaw affects only Macs with solid-state drives. If you haven't used Disk Utility or don't use a hint, the problem won't come up.
MORE: macOS High Sierra Review: A Deceptively Big Update
Still, it's a concerning flaw. Too often, users employ the same passwords for different services. If a hacker can obtain one of your passwords, he or she might get access to a host of services just by trying out those credentials on other platforms.
To protect yourself, then, there are some steps to take.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
For one, Apple has released a patch that fixes the bug in the macOS High Sierra 10.13 Supplemental Update. If you apply that patch, the flaw is thwarted and you no longer need to worry about Disk Utility. Here are Apple's instructions to make sure the problem is fixed. (The patch also fixes the password-exposing Keychain bug disclosed in late September.)
Additionally, maybe now is a good time to remember that using different passwords for different items is a really good idea. Using the same passwords — and not changing them — is a recipe for major problems. Here's how to create a strong, secure password.
Protect Your Mac
Best Mac Antivirus
Kaspersky Internet Security for Mac's top-shelf malware detection and barely there system impact make it the best antivirus solution.
Best Free Mac Antivirus
Avast Free Mac Security's malware-squashing proficiency, negligible performance impact and included password manager make it the best free option.
Don Reisinger is CEO and founder of D2 Tech Agency. A communications strategist, consultant, and copywriter, Don has also written for many leading technology and business publications including CNET, Fortune Magazine, The New York Times, Forbes, Computerworld, Digital Trends, TechCrunch and Slashgear. He has also written for Tom's Guide for many years, contributing hundreds of articles on everything from phones to games to streaming and smart home.