Apple Fixes APFS Security Flaw That Revealed Passwords

Password hints can prove useful when you can’t remember how to sign in to a service that you don’t use all that often. They can also be damaging if the hint gives the password away or flat-out reveals it to anyone who goes looking. Apple fixed a flaw in macOS High Sierra that was even more troublesome—it mistakenly saved your password as the “hint” for encrypted volumes using the company’s new Apple File System (APFS).

It’s not hard to imagine why this was a problem. The whole point of encrypting a volume is to prevent anyone else from accessing it; allowing someone to make their way through those defenses by clicking one button undermines the whole process. This is even worse than, say, unexpectedly changing the behavior of the buttons that control your smartphone’s Bluetooth and Wi-Fi connectivity options. (Ahem.)

The flaw also undermined APFS itself. Apple announced the file system at WWDC 2016 to offer “more granular and robust encryption control, copy-on-write metadata, space sharing between volumes, cloning for files and directories, snapshots (faster and less capacity-intensive than backups), write atomicity (ensures data safety) and improved overall fundamentals,” as we explained at the time. The encryption bit is key.

On the bright side, Apple released an update to macOS High Sierra that should resolve this issue. But things still aren’t all sunshine and rainbows, because Apple said in a support article that you’re going to have to follow these steps to fix the problem with volumes you’ve already encrypted:

  1. Install the macOS High Sierra 10.13 Supplemental Update from the App Store updates page.
  2. Create an [encrypted] backup of the data in your affected encrypted APFS volume.
  3. Open Disk Utility and select the affected encrypted APFS volume in the sidebar.
  4. Click Unmount to unmount the volume.
  5. Click Erase.
  6. When asked, type a name for the volume in the Name field.
  7. Change Format to APFS.
  8. Then change Format again to APFS (Encrypted).
  9. Enter a new password in the dialog. Enter it again to verify the password, and if you’d like to, provide a hint for the encrypted APFS volume. Click Choose.
  10. Click Erase. You can see the progress of the Erase process.
  11. Click Done when the process is complete.
  12. Restore the data that you backed up in Step 2 to the new encrypted APFS volume that you just created.

The company also said you should update any accounts that rely on the same password used for the encrypted volumes. That’s a potential side effect of this flaw—people who reuse passwords (and there are many who do) now have to worry about someone accessing other information. Again, trying to view a password hint not only offered access to ostensibly secure files, but could also have put other private data at risk.