Apple on Thursday released a supplemental update to macOS High Sierra 10.13 which fixes a few bugs, among them a major vulnerability (we told you about it this morning) that could expose the passwords of encrypted Apple File System volumes in plain text in Disk Utility.

Official release notes

Apple’s release notes state that this supplemental update includes improvements to the stability, reliability and security of your Mac, plus the following fixes:

  • Improves installer robustness
  • Fixes a cursor graphics bug when using Adobe InDesign
  • Resolves an issue where emails couldn’t be deleted from Yahoo accounts in Mail

While the release notes accompanying the download make absolutely no mention of the APFS encryption password bug in Disk Utility, Apple issued a support document acknowledging a StorageKit vulnerability, CVE-2017-7149 (credited to Matheus Mariano of Leet Tech), that may permit a local attacker to gain access to an encrypted APFS volume.

If a password hint was set in Disk Utility when creating an APFS encrypted volume, the password was stored as the hint. This was addressed by clearing hint storage if the hint was the password and by improving the logic for storing hints.

What to do if you’re affected by the APFS bug

Another support document details the steps for protecting your data if High Sierra’s Disk Utility is showing passwords in plain text instead of password hints on encrypted APFS volumes.

1) Install the macOS High Sierra 10.13 Supplemental Update from the App Store updates page.

2) Create an encrypted backup of the data in your affected encrypted APFS volume.

3) Open Disk Utility and select the affected encrypted APFS volume in the sidebar.

4) Click Unmount to unmount the volume.

5) Click Erase.

6) When asked, type a name for the volume in the Name field.

7) Change Format to APFS.

8) Then change Format again to APFS (Encrypted).

9) Enter a new password in the dialog. Enter it again to verify the password, and if you’d like to, provide a hint for the encrypted APFS volume. Click Choose.

10) Click Erase. You can see the progress of the Erase process.

11) Click Done when the process is complete.

12) Restore the data that you backed up in Step 1 to the new encrypted APFS volume that you just created.

The steps detailed above are required only if you used the Add APFS Volume command in Disk Utility to create an encrypted APFS volume, and you supplied a password hint. Encrypted APFS volumes created using any other method, plus non-SSD volumes, are not affected.

“If your disk password for any affected encrypted APFS volume is the same as the password that you use for a macOS user account or an Internet service, you should change the password of the user account or Internet service,” the company advises.

Another vulnerability has been fixed

Today’s update also fixes another vulnerability (CVE-2017-7150, discovered by Patrick Wardle of Synack) which could allow a malicious app to extract keychain passwords.

A method existed for applications to bypass the keychain access prompt with a synthetic click. This was addressed by requiring the user password when prompting for keychain access.

Lastly, Apple has integrated the security content of this supplemental update into regular macOS High Sierra downloads. “New downloads of macOS High Sierra 10.13 include the security content of the macOS High Sierra 10.13 Supplemental Update,” the company states.

That has got to be the fastest fix from Apple if I ever saw one.

  • triggerhappypunk

    Does anybody know if it fixes the vmware bootcamp issue?

    • Felipe Queiroz Drumond

      Yes. I’m currently using High Sierra, VMware Fusion 10.0.1 and Windows 10 in a boot camp partition. Refer to this address to know how to make it work: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2151780

      • triggerhappypunk

        Sweet, thank you. I’ll have to give this a try tonight. I’m running a similar setup, however using the latest version of Fusion 8. The VM worked fine before upgrading to High Sierra, and I can still boot Windows from the bootcamp partition. When booting from the VM, I get an error that it can not power on the disk (can’t remember the exact error off the top of my head). I’ve read some examples of disabling SIP, however the article you shared seems most promising as I can re-enable SIP.

      • Felipe Queiroz Drumond

        That’s exactly the error I had when I was using Fusion 8, and the link I posted explains the reasons why. Following the instructions on that link will fix everything! Just a piece of advice: Fusion 10 will force you to recreate a VM for your boot camp partition, so that you’ll have two VMs for the same boot camp; you can delete the old and defective one. If some problem arises, share here! Good luck!

      • triggerhappypunk

        I went thru the entire process, and still get the same error after re-enabling SIP. Do I need to upgrade to Fusion 10 to get it to work?

      • Felipe Queiroz Drumond

        Reading the KB I found out that this process is valid for “Product Version(s): VMware Fusion 10.x”.

      • triggerhappypunk

        I upgraded to Fusion 10 and now the VM is booting, thanks again, appreciate the help!

      • Felipe Queiroz Drumond

        You’re welcome!

  • Felipe Queiroz Drumond

    An issue that is disturbing me is the rendering on Chrome + High Sierra. Things are flickering!

    • Jose Gonzalez

      Just updated my iMac and everything is flickering all over the place!

      • Felipe Queiroz Drumond

        Does it happen only in Chrome or any other software?

      • Jose Gonzalez

        Well, after it finished the update it reopened all the windows I had open before the update. I did have Chrome open along with Safari, Contacts, a Finder window and Spark. Couldn’t tell what was the culprit though. I did quit Spark but that didn’t do anything. I just decided to shut down the Mac and restart it. All is fine for now.

      • Felipe Queiroz Drumond

        For me sometimes the rendering of content in Chrome gets completely disorganised and starts to flicker. Refreshing the page does not solve the problem. Weird!

      • Jose Gonzalez

        Well actually. For me everything was flickering, not just a single window. The whole system was going crazy flickering and distorting over the windows. Very weird. But it stopped now that I rebooted the mac.

  • Rick Hart

    I’m trying to update and it keeps quitting on its own