Apple issued an update for its High Sierra desktop operating system on artful eroticismThursday.
Called the "macOS High Sierra 10.13 Supplemental Update," the new update fixes two dangerous bugs in High Sierra, both of which exposed user passwords in some way.
SEE ALSO: Whoops, a hacker found a way to steal your passwords from macOS High SierraNaked Security has a great technical explanation of the first bug Apple fixed with the High Sierra update. In the simplest of terms, with the bug, if you created a new APFS (Apple File System) encrypted volume on High Sierra, and set anything at all as the password hint, then your password was stored as the hint. In plain text.
That means anyone could've gotten your password simply by clicking on the "Show Hint" button.
Interestingly, if you didn't choose anything as your password hint, you were safe.
The bug did require an attacker to have physical access to one's encrypted volume, like a drive on your MacBook or a USB stick. But this is not one of those bugs that requires a highly technical exploit: Apple literally handed out your encrypted disk's password to everyone, with one click of a mouse.
The bug was discovered by security expert Matheus Mariano on Sept. 27, and the collective response it got from experts was one of disbelief.
This Tweet is currently unavailable. It might be loading or has been removed.
If you have an encrypted APFS volume, check whether your password hint displays your password. If it does, we've got more bad news: Fixing this isn't all that simple.
Per Apple's official explanation, you need to install the 10.13 High Sierra update from App Store, backup the data from the affected volume, unmount and erase the affected volume, reformat it as new APFS volume, encrypt it, choose a new password (hint optional), and then restore your data to the volume. Ouch.
Additionally, if you used that same password (the one you used for an affected encrypted APFS volume), you should change that as well.
Thursday's High Sierra update also fixes another nasty High Sierra bug, which we've written about in September. That particular issue allowed a malicious attacker to extract all your keychain passwords with an unsigned app.
While we're glad these bugs are now squashed, we certainly hope we won't see any such glaring omissions in Apple's software in the future.
Topics Apple Cybersecurity
Best Presidents' Day deal: Save $44 on Fitbit Charge 6
Uber messes up Facebook ad by confusing Puerto Rican and Cuban flags
'Black Widow' combines box office and Disney+ for a wild $215 million opening
How to change your Instagram username
Panthers vs. Falcons 2025 livestream: How to watch NFL online
Roger Federer has a blast hanging out with super cute quokkas
Google's new Doodle is dedicated to Marlene Dietrich
Oprah issues warning to fans after scammers impersonate her online
Meta deletes all AI character profiles on Facebook, Insta after backlash
Watch Zaila Avant
How to unblock XVideos for free
NASA just saluted the coolest drummer ever
China made a giant dog that looks like Trump
Disappearing WhatsApp messages roll out to iOS beta users
Swole Jeff Bezos joins Instagram to tease his new ROCKET FACTORY
Yes, everything is hard, but at least your family isn't being circled by a great white shark
How to repost on Instagram
Tag Heuer has a Super Mario
Amazon Prime members gets 10% off Grubhub orders through Feb. 17
A popular password manager screwed up, but there's an easy fix
Apple Sports app will give realHow to unblock TNAFlix for freePremier League 2024X finally lets you edit DMs on iOS. Here's how.Premier League 2024No, the black Facebook app icon isn't a new logo. Here's why you're seeing it.Swiatek vs. Pegula 2024 livestream: Watch US Open for freeGen Z fantasizes about both monogamy and kink, Feeld saysHow to unblock TNAFlix for free'Kaos': Billie Piper's character spoils the big twist in the first 5 minutesSwiatek vs. Pegula 2024 livestream: Watch US Open for freeAtlanta Dream vs. Phoenix Mercury 2024 livestream: Watch live WNBAIn Starliner fallout, 2 women lose their ride to spaceSpotify calls out Apple for removing volume control for connected devicesAmazon's 'Remarkable' Alexa will actually be Claude in disguise, report claimsWest Ham vs. Manchester City 2024 livestream: Watch Premier League for freeArgentina vs. Australia 2024 livestream: Watch Rugby Championship for freeChicago Sky vs. Las Vegas Aces 2024 livestream: Watch live WNBAFacebook, Instagram opt out of allowing Apple AI to scrape their data for trainingAI uses too much energy. Big tech won't say how much. Win this contest by making your own anti Scottish Ebola nurse Pauline Cafferkey readmitted to hospital A giant Putin poster randomly showed up on New York's Manhattan Bridge Fox broadcaster Joe Buck lost his voice because of a hair plug addiction Escape from the tech hype machine: Meerkat's founders look beyond livestreaming 'Keeping Up with the Kardashians' on hold after Kim was robbed at gunpoint 'Stranger Things' fans rejoice, this restaurant is feeding Demogorgons to diners India collaborates with Facebook to get more people to vote Aussie bros who wore Malaysian flag undies sent home without conviction Tall teenager hands out business cards to people who ask about his height Here's why Kylie Minogue won't be getting married yet This picture of Ted Cruz is the first result when you Google 'ultimate humiliation' Hilary Duff's new tattoo, by any other name, would still smell as sweet People are sharing a brilliant poem about mansplaining on National Poetry Day Hero pug receives award from mayor after saving family from a fire Duolingo adds AI Hillary Clinton weighs in on the Kim Kardashian robbery Jetpack flies through London skies, and you too could have one within three years Devastating photos from Hurricane Matthew's aftermath in Haiti Watch Melissa Etheridge sing a ditty about Brangelina's divorce
3.5371s , 10171.734375 kb
Copyright © 2025 Powered by 【artful eroticism】,Warmth Information Network