Apple's new desktop operating system, macOS 10.13 High Sierra, has a problem that could reveal passwords to would-be hackers.
Software developer Matheus Mariano claims to have discovered a bug in the Disk Utility function built inside macOS High Sierra that reveals passwords in plain text to hackers. The hack requires a few steps to complete, but when it's done, hackers have full access to passwords.
According to Mariano, whose discovery was earlier reported on by MacRumors, hackers can go to the operating system's Disk Utility and create a new encrypted Apple File System volume. From there, the hackers need to set a password and hint, and unmount and remount the volume to force the operating system to ask for a password. Upon clicking the "Show Hint" button, Apple's operating system displayed the password in plain text and not the hint.
Of course, the hack is somewhat self-limiting, since it only affects the Disk Utility feature in High Sierra. If hackers try to access your Apple ID password, for instance, the same problem wouldn't occur. It's also worth noting that Mariano believes the flaw affects only Macs with solid-state drives. If you haven't used Disk Utility or don't use a hint, the problem won't come up.
Still, it's a concerning flaw. Too often, users employ the same passwords for different services. If a hacker can obtain one of your passwords, he or she might get access to a host of services just by trying out those credentials on other platforms.
To protect yourself, then, there are some steps to take.
For one, Apple has released a patch that fixes the bug in the macOS High Sierra 10.13 Supplemental Update. If you apply that patch, the flaw is thwarted and you no longer need to worry about Disk Utility. Here are Apple's instructions to make sure the problem is fixed. (The patch also fixes the password-exposing Keychain bug disclosed in late September.)
Additionally, maybe now is a good time to remember that using different passwords for different items is a really good idea. Using the same passwords — and not changing them — is a recipe for major problems. Here's how to create a strong, secure password.