Linked by Thom Holwerda on Mon 9th Oct 2017 19:26 UTC
Mac OS X

Reported by Matheus Mariano, a Brazilian software developer, a programming error was discovered in Apple's most recent operating system, High Sierra, that exposed passwords of encrypted volumes as password hints. A serious bug that quickly made the headlines in technology websites everywhere.

Apple was prompt to provide macOS High Sierra Supplemental Update to customers via the App Store, and ensured that every distribution of High Sierra in their servers included this update.

I decided to apply a binary diffing technique to the update to learn more about the root cause of this bug and hypothesize about how the defect could have been prevented.

Comment by sj87
by sj87 on Tue 10th Oct 2017 08:50 UTC

As a programmer, I fail to find this anything other than another day at the office. Already before reading the article, I assumed that they just stored the password as 'password hint', because that's the only option.

Passwords are usually stored in a form that is not reversible, so it just cannot pop up in another field by accident unless it was deliberately put there.

Programming is still mostly manual work, i.e. every little detail has to be written by hand just as we see it happen on the screen. There rarely exists any magical method so that we just type one line of code and see a hundred things happen, no.

Reply Score: 4