14 DAY TRIAL // Apple’s security nightmare doesn’t seem to come to an end, as a new vulnerability in macOS exposes the passwords used for encrypted APFS external drives in plain text.
The security flaw exists in macOS 10.13.1 and can be exploited with just a Terminal command, with newer versions of the operating system presumably protected against the flaw. But according to mac4n6.com, the bug still exists in macOS 10.13.3, only that it can be spotted when encrypting an already existing unencrypted APFS drive.
Apple has obviously remained tight-lipped on this bug, so it’s not known if the company addressed it in the latest versions of macOS, though by the looks of things, the vulnerability can’t be triggered in the same way as on older builds of the operating system.
macOS security focus
This isn’t the only security vulnerability discovered in macOS lately, as a recently-found bug exposed the root password with a method that didn’t require any advanced computer skills.
Apple acknowledged the root bug and delivered a fix, only to create more issues that were then addressed with a second patch.
The security fiasco forced Apple to reconsider its strategy for the next software updates, so instead of focusing on new features for macOS and iOS, the company has pledged to invest more in security and reliability of its products.
This means the next releases, like macOS 10.14 and iOS 12, will be less about new functionality and more about code refinements that would help address such problems on Apple devices.
The next macOS and iOS versions are likely to be previewed in the summer at WWDC ahead of their public launch in the fall when new devices are also projected to see daylight. It remains to be seen how this new strategy works out, as customers are always expecting new features every time new software updates are being pushed to their devices.