If you create an additional, encrypted APFS container on an existing APFS drive using Disk Utility, and set a password hint, there is a bug that may display your actual password instead. But a fix is already on its way.
Apple has just pushed out a macOS High Sierra Supplemental Update to fix an issue with Disk Utility, APFS encrypted containers, and password hints.
From Matheus Mariano:
This week, Apple released the new macOS High Sierra with the new file system called APFS (Apple File System). It wasn't long before I encountered problems with this update. Not a simple thing, but a potential vulnerability.
The problem, as best as I understand it, was as follows:
- If you have an APFS formatted SSD drive and:
- You create a new container on that drive using the Disk Utility GUI and:
- You make it an encrypted container and:
- You add a password hint for the container
Then the GUI would mix up the fields and store the container password in the plain-text password hint field and show the password as the hint whenever you re-mount the container.
If you didn't use the Disk Utility GUI and created the container through Terminal, or if you used the Disk Utility GUI but didn't set a password hint, you wouldn't be affected by the bug.
As bugs go, it was super dumb. But Mariano had already reported it to Apple, and Apple is already deploying a fix.
The number of people affected (those with physical access to a device with an existing APFS container that also has an additional, encrypted APFS container, who wouldn't already have the password to that container) is almost certainly tiny. Still, Apple has provided the following instructions for how to roll back even under those circumstances:
- Install the macOS High Sierra 10.13 Supplemental Update from the App Store updates page.
- Create an encrypted backup of the affected encrypted APFS volume.
- Open Disk Utility and select the affected encrypted APFS volume in the sidebar.
- Click Unmount to unmount the volume.
- Click Erase.
- When asked, type a name for the volume in the Name field.
- Change Format to APFS.
- Then change Format again to APFS (Encrypted).
- Enter a new password in the dialog. Enter it again to verify the password, and if you'd like to, provide a hint for the encrypted APFS volume. Click Choose.
- Click Erase. You'll see the progress of the Erase process.
- Click Done when the process is complete.
- Restore the data that you backed up in Step 1 to the new encrypted APFS volume that you created.
The macOS High Sierra 10.13 Supplemental Update should be live by the time you read this, and you can access and update to it via the Mac App Store.
Also note, if you used the same password on your encrypted APFS container as any other accounts (for example, your Mac user account), change the passwords on those accounts. Better safe than sorry.