TTCSIRT-049.100617: TT-CSIRT Advisory – Apple Security Updates

TTCSIRT-049.100617: TT-CSIRT Advisory – Apple Security Updates

Apple has released a supplemental security update to address vulnerabilities in macOS High Sierra 10.13:

a) A local attacker may gain access to an encrypted APFS volume – if a hint was set in Disk Utility when creating an APFS encrypted volume, the password was stored as the hint.

b) A malicious application can extract keychain passwords – a method existed for applications to bypass the keychain access prompt with a synthetic click.

Further information on these vulnerabilities and how they can be fixed can be found on the Apple Website at https://support.apple.com/en-us/HT208165