Apple rilascia una nuova versione di macOS High Sierra

Apple ha appena rilasciato un aggiornamento all’attuale macOS High Sierra . Questo aggiornamento contiene la correzione di bug in generale ma in particolare di un bug che permetteva di poter vedere la chiave per decriptare i file di macOS che vinca criptati dal sistema APFS .

MACOS HIGH SIERRA 10.13 SUPPLEMENTAL UPDATE

Released October 5, 2017

StorageKit

Available for: macOS High Sierra 10.13

Impact: A local attacker may gain access to an encrypted APFS volume

Description: If a hint was set in Disk Utility when creating an APFS encrypted volume, the password was stored as the hint. This was addressed by clearing hint storage if the hint was the password, and by improving the logic for storing hints.

CVE-2017-7149: Matheus Mariano of Leet Tech

Security

Available for: macOS High Sierra 10.13

Impact: A malicious application can extract keychain passwords

Description: A method existed for applications to bypass the keychain access prompt with a synthetic click. This was addressed by requiring the user password when prompting for keychain access.

CVE-2017-7150: Patrick Wardle of Synack

New downloads of macOS High Sierra 10.13 include the security content of the macOS High Sierra 10.13 Supplemental Update.