Linked by Thom Holwerda on Mon 9th Oct 2017 19:26 UTC
Mac OS X

Reported by Matheus Mariano, a Brazilian software developer, a programming error was discovered in Apple's most recent operating system, High Sierra, that exposed passwords of encrypted volumes as password hints, a serious bug that quickly made the headlines on technology websites everywhere.

Apple was prompt to provide macOS High Sierra Supplemental Update to customers via the App Store, and ensured that every distribution of High Sierra in their servers included this update.

I decided to apply a binary diffing technique to the update to learn more about the root cause of this bug and hypothesize about how the defect could have been prevented.

RE[2]: Comment by sj87
by sj87 on Sat 14th Oct 2017 13:31 UTC in reply to "RE: Comment by sj87"

That was the most incredible thing about this whole article. The password to the disk encryption is stored in a reversible way and is read into memory.

Encryption password has to be stored in memory as without it encryption/decryption is impossible. I don't know why they're storing this password on the disk in the first place, though. Maybe it is needed for some automation, and they're storing the container in an encrypted form.

The way this showed up was that a programmer made a change that showed the password to the world in the password-hint UI, but it was actually never really hidden.
As far as I understood, it is still this way after the fix. The fix literally checks if the password hint is the same as the password and won't show the hint in that case. That is literally putting lipstick on a pig.

I guess their point is to also 'fix' this issue for those users who were affected by the now-fixed bug and already have their password stored also as the password hint. There are different ways to tackle this problem but they decided this is the least likely way to fail at that.

Although a new issue might be that upon changing the encryption password, the app will then leak the old password that was used (and stored as pw hint), which might open an attack surface in case that the same password is in use somewhere else too.

Edited 2017-10-14 13:34 UTC

Reply Parent Score: 2
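An added illustration of the failure mode sj87 describes above (a display-time equality check that stops working once the password is rotated); this is a constructed Python model, not code from the linked article or from Apple's update, and the volume structure, function names and sample passwords are assumptions:

```python
import hmac
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class Volume:
    """Constructed stand-in for an encrypted volume's user-visible metadata."""
    password: str
    hint: Optional[str] = None


def show_hint_patched(vol: Volume) -> Optional[str]:
    """Display-time check as the comment describes the fix: suppress the hint
    only when it equals the *current* password (constant-time compare)."""
    if vol.hint is not None and hmac.compare_digest(vol.hint.encode(), vol.password.encode()):
        return None
    return vol.hint


def change_password_naive(vol: Volume, new_password: str) -> None:
    """Rotate the password but leave the stale hint in place."""
    vol.password = new_password


def set_hint_checked(vol: Volume, hint: str) -> bool:
    """Write-time policy: refuse a hint that is the password itself.
    Returns True when the hint was stored, False when rejected."""
    if hmac.compare_digest(hint.encode(), vol.password.encode()):
        return False
    vol.hint = hint
    return True


def change_password_checked(vol: Volume, new_password: str) -> None:
    """Rotate the password and drop the hint written for the old secret."""
    vol.password = new_password
    vol.hint = None


def demo() -> Tuple[Optional[str], Optional[str], Optional[str]]:
    # Volume on which the original bug already copied the password into the hint.
    v = Volume(password="correct horse", hint="correct horse")
    before = show_hint_patched(v)            # None: equality check hides it
    change_password_naive(v, "battery staple")
    after = show_hint_patched(v)             # old password is shown as the hint
    w = Volume(password="correct horse", hint="correct horse")
    change_password_checked(w, "battery staple")
    hardened = show_hint_patched(w)          # None: stale hint was cleared
    return before, after, hardened
```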