Trustaira Blog

Apple released High Sierra, the fourteenth major release of macOS, on September 25, 2017. It is a desktop and server operating system for Mac computers, designed to improve on the previous macOS release with some major upgrades and changes.

These include a new file system, Apple File System (APFS), which replaces the existing HFS+ file system, and improvements to the existing graphics API. A few apps, such as Photos and Safari, have also gone through some changes in this new version of macOS.

Unfortunately, along with these positive changes, High Sierra also arrived with some major security flaws. A software developer from Brazil accidentally discovered a critical bug in the new OS. Using Disk Utility, he was trying to add a new encrypted APFS volume to a container. He was prompted to set a password and, optionally, a hint every time he tried to add a new volume.

Later, when he tried to mount the new container, he was asked, as expected, to enter the password. When he clicked the “Show Hint” option on the screen, it showed the actual password rather than just a hint.

Here’s the video that the developer uploaded on YouTube showing how it was possible for him to access APFS.

New macOS High Sierra vulnerability | Youtube

Fortunately, Apple has released an update to fix this issue. Along with installing the released update, Apple has provided a few extra steps to tighten security.

Your password might be displayed instead of your password hint if you used the Add APFS Volume command in Disk Utility to create an encrypted APFS volume, and you supplied a password hint.

Changing the password on an affected volume clears the hint but doesn’t affect the underlying encryption keys that protect the data.

Apple recommends that you take these steps to guard the security of your data.

Go to their support site for more information about it.

Thanks.