Information disclosure in Apple macOS
Published: 2017-10-09 | Updated: 2017-10-11
Risk: Low
Patch available: Yes
Number of vulnerabilities: 1
CVE-ID: CVE-2017-7149
CWE-ID: CWE-200
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: macOS (Operating systems & Components / Operating system)

Vendor: Apple Inc.

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Information disclosure

EUVDB-ID: #VU8718

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-7149

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists in Disk Utility on Macs running macOS High Sierra, which exposes the password of an encrypted Apple File System (APFS) volume in plain text. A local user can use the Add APFS Volume command in Disk Utility to create an encrypted APFS volume, click the password hint button, and view the password in plain text instead of the hint.

Mitigation

Follow these steps to update macOS High Sierra, and then back up, erase, and restore the encrypted APFS volume.

  1. Install the macOS High Sierra 10.13 Supplemental Update from the App Store updates page.
  2. Create an encrypted backup of the data in your affected encrypted APFS volume.
  3. Open Disk Utility and select the affected encrypted APFS volume in the sidebar.
  4. Click Unmount to unmount the volume.
  5. Click Erase.
  6. When asked, type a name for the volume in the Name field.
  7. Change Format to APFS.
  8. Then change Format again to APFS (Encrypted).
  9. Enter a new password in the dialog. Enter it again to verify the password, and if you’d like to, provide a hint for the encrypted APFS volume. Click Choose.
  10. Click Erase. You can see the progress of the Erase process.
  11. Click Done when the process is complete.
  12. Restore the data that you backed up in Step 2 to the new encrypted APFS volume that you just created.

Vulnerable software versions

macOS: 10.13 17A365 - 10.13.1 17B48
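As an added administrator's check, not part of this bulletin: a POSIX shell script that classifies a macOS build string against the vulnerable range given above, so a fleet can be checked before and after the Supplemental Update. Only the two range bounds come from the bulletin; the build-string parsing (Darwin major, minor letter, build number) and the sample strings are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a macOS build string against
# the vulnerable range the bulletin lists, 10.13 17A365 through 10.13.1 17B48.
# Assumes Apple's build-string shape: Darwin major, one minor letter, build number.

FIRST_BAD=17A365   # lower bound from the bulletin
LAST_BAD=17B48     # upper bound from the bulletin

# Print "major letter-index number" for a build, e.g. 17B48 -> "17 2 48".
# Returns 1 when the string does not have the expected shape.
build_key() {
    case "$1" in
        [0-9]*[A-Z][0-9]*) ;;
        *) return 1 ;;
    esac
    _major=${1%%[A-Z]*}          # 17
    _rest=${1#"$_major"}          # B48
    _letter=${_rest%%[0-9]*}      # B
    _num=${_rest#"$_letter"}      # 48; a trailing lowercase suffix (17C205a) is dropped
    _num=${_num%%[a-z]*}
    [ "${#_letter}" -eq 1 ] && [ -n "$_num" ] || return 1
    printf '%s %d %s\n' "$_major" $(( $(printf '%d' "'$_letter") - 64 )) "$_num"
}

# Return 0 if build $1 sorts at or before build $2, 1 if after, 2 if unparsable.
build_le() {
    _ka=$(build_key "$1") || return 2
    _kb=$(build_key "$2") || return 2
    set -- $_ka $_kb
    if [ "$1" -ne "$4" ]; then [ "$1" -lt "$4" ] && return 0 || return 1; fi
    if [ "$2" -ne "$5" ]; then [ "$2" -lt "$5" ] && return 0 || return 1; fi
    [ "$3" -le "$6" ] && return 0 || return 1
}

# Print affected / not-affected / unparsable for one build string.
classify_build() {
    if build_le "$FIRST_BAD" "$1"; then
        if build_le "$1" "$LAST_BAD"; then echo affected; else echo not-affected; fi
    elif [ $? -eq 2 ]; then
        echo unparsable
    else
        echo not-affected
    fi
}

# On a Mac, classify the running system; elsewhere run over constructed sample strings.
if command -v sw_vers >/dev/null 2>&1; then
    echo "$(sw_vers -productVersion) $(sw_vers -buildVersion): $(classify_build "$(sw_vers -buildVersion)")"
else
    for b in 17A365 17B48 17C99 16G29; do echo "$b: $(classify_build "$b")"; done
fi
```

Builds reported as affected should follow the mitigation steps above; an unparsable result means the string was not a plain Apple build identifier and needs a manual look.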

External links

http://support.apple.com/ru-ru/HT208168
http://hackernoon.com/new-macos-high-sierra-vulnerability-exposes-the-password-of-an-encrypted-apfs...


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
