科技回声

jmdocherty超过 7 年前

Glass half-full: "Oops! They missed this because they were busy making all the other stuff super-secure."Glass half-empty: "Oh-my-goodness...what would Steve say? FFS. We can't trust anyone any more!"I'm inclined to be half-full.

评论 #15409525 未加载

jchw超过 7 年前

So... it stores the password as a password hint?One must wonder how Apple's QA process didn't catch something as egregious as that in a piece of security code.

评论 #15409823 未加载

jaclaz超过 7 年前

It is now officially acknowledged by Apple (though they don't seem like treating it as a bug):<a href="https://news.ycombinator.com/item?id=15410953" rel="nofollow">https://news.ycombinator.com/item?id=15410953</a><a href="https://support.apple.com/en-us/HT208168" rel="nofollow">https://support.apple.com/en-us/HT208168</a>

runesoerensen超过 7 年前

"Creating a volume via diskutil, the hint, not the pw is shown. Looks like the root cause is Disk Utility storing the password as hint."<a href="https://twitter.com/felix_schwarz/status/915857500330700801" rel="nofollow">https://twitter.com/felix_schwarz/status/915857500330700801</a>

High Sierra vulnerability exposes the password of an encrypted APFS container

4 条评论

High Sierra vulnerability exposes the password of an encrypted APFS container

4 条评论