Another macOS High Sierra bug can reveal your passwords

by Ugnius Kiguolis - -

The flaw in macOS High Sierra can reveal your passwords after typing specific command in Terminal

macOS High Sierra bug

Mac operating system is known as stable and secure. However, the recent version of macOS makes us doubting if it’s still true. Not so long ago, a concerning High Sierra bug gave anyone root access to a computer.[1] However, recently discovered Mac bug allows getting your passwords in plaintext.

The vulnerability is detected in macOS 10.13 and macOS 10.13.3 versions[2] in unencrypted Apple's File System (APFS) for macOS volume. But it seems that the bug was fixed in 10.13.2 systems and does not exist in the 10.13.4 version available for developers only.

APFS is responsible for organizing and structuring information on a storage system.[3] However, the security vulnerability allows accessing passwords of APFS external drives by executing the following command with Terminal:

log stream –info –predicate 'eventMessage contains “newfs_”'

Once this command is executed, passwords are exposed.

Problems with APFS have been reported before

Earlier this year, another serious problem with APFS was discovered too. Mac backup software company Bombich[4] reported about the issue with the APFS-formatted disk image. Fortunately, it affected only in APFS sparse disk images, which are not widely used. However, it doesn’t change the fact that it may lead to loss of the important data:

I noticed that an APFS-formatted sparsebundle disk image volume showed ample free space, despite that the underlying disk was completely full. Curious, I copied a video file to the disk image volume to see what would happen. The whole file copied without error! I opened the file, verified that the video played back start to finish, checksummed the file – as far as I could tell, the file was intact and whole on the disk image. When I unmounted and remounted the disk image, however, the video was corrupted.
Source: Bombich blog

A sparse disk image is mostly used for backing up and disk cloning. Mac OS treats this file as a physical drive and can grow in size when a user adds more data to it. Meanwhile, SSD startup disk or other popular APFS volumes were not affected by this issue.

Apple released macOS High Sierra 10.13.4 beta version

On Monday, Apple released a new version of the operating system for testing. Developers can download macOS High Sierra 10.13.4 beta 7 now from Mac App Store or official Apple’s developer website.

According to the release note, this macOS update fixed several bugs. Though, any major updates or improvements are not included. However, this version of OS does not include a previously mentioned error that allows extracting passwords.

Apple developers improved and fixed issues that were detected in App Store, Safari, iBooks or during the installation of operating system. It also includes new features, such as Messages in iCloud, support for Business Chat in Messages in the United States and Canada and improved eGPU (external graphics card enclosure) management.[5]

Prevent websites, ISP, and other parties from tracking you

Private Internet Access is a VPN that can prevent your Internet Service Provider, the government, and third-parties from tracking your online and allow you to stay completely anonymous. The software provides dedicated servers for torrenting and streaming, ensuring optimal performance and not slowing you down. You can also bypass geo-restrictions and view such services as Netflix, BBC, Disney+, and other popular streaming services without limitations, regardless of where you are.

A VPN is also crucial when it comes to user privacy. Online trackers such as cookies can not only be used by social media platforms and other websites but also your Internet Service Provider and the government. Even if you apply the most secure settings via your web browser, you can still be tracked via apps that you are connected to the internet. Besides, privacy-focused browsers like Tor is are not an optimal choice due to diminished connection speed.

Therefore, to stay completely anonymous and prevent the ISP and the government from spying on you, you should employ Private Internet Access VPN. It will allow you to connect to the internet while being completely anonymous, prevent trackers, ads, as well as malicious content. Most importantly, you will prevent the illegal surveillance activities that NSA and other governmental institutions are performing behind your back.


Recover your lost files quickly

Unforeseen circumstances can happen at any time while using the computer: it can turn off due to a power cut, a Blue Screen of Death (BSoD) can occur, or random Windows updates can decide to reboot the machine when you went away for a few minutes. As a result, your schoolwork, important documents, and other data might be lost.

Additionally, you might also be attacked by malware that can corrupt your Windows or encrypt files with a robust encryption algorithm, and ask for a ransom in Bitcoin for the decryption tool. Cybercriminals might not deliver what they promised, however, so it is better to attempt alternative file recovery methods that could help you to retrieve at least some portion of the lost data.

Data recovery software is one of the options that could help you recover your files. Once you delete a file, it does not vanish into thin air – it remains on your system as long as no new data is written on top of it. Data Recovery Pro is recovery software that searchers for working copies of deleted files within your hard drive. By using the tool, you can prevent loss of valuable documents, school work, personal pictures, and other crucial files.

About the author
Ugnius Kiguolis
Ugnius Kiguolis - The problem solver

Ugnius Kiguolis is the founder and editor-in-chief of UGetFix. He is a professional security specialist and malware analyst who has been working in IT industry for over 20 years.

Contact Ugnius Kiguolis
About the company Esolutions


Your opinion regarding Another macOS High Sierra bug can reveal your passwords