If you have updated your MacOS from the older version to MacOS High Sierra make sure you also apply the new security patch released by Apple to protect your device from third-party intrusion.
As you already know, the latest version of Apple’s desktop operating system MacOS High Sierra has hit the market with a lot of new features but with new options come new bugs, and High Sierra is no different.
Matheus Mariano, a Brazilian software developer, discovered a critical bug in the new OS that displayed device’s actual password rather than showing its hint. This allowed Mariano to access encrypted Apple File System (APFS) volumes which, in case of an attack, it would let anyone do the same posing a massive security and privacy risk to the victim since the password would display in plain-text format.
Another researcher Felix Schwarz explained that the bug does not exist in the underlying software but within Disk Utility. On their support page, however, Apple states that:
“Your password might be displayed instead of your password hint if you used the Add APFS Volume command in Disk Utility to create an encrypted APFS volume, and you supplied a password hint. Changing the password on an affected volume clears the hint but doesn’t affect the underlying encryption keys that protect the data.”
The good news is that Apple has fixed the bug. However, users are urged to apply supplemental update patches for macOS High Sierra 10.13. Mariano uploaded a demonstration video on YouTube showing how he was able to access APFS by simply asking for his device’s password hint.