macOS Security Update
There is a macOS security update to StorageKit. This vulnerability was announced on the MacAdmins Slack earlier and has been addressed by Apple. See information below released by Apple Product Security.
APPLE-SA-2017-10-05-1 macOS High Sierra 10.13 Supplemental Update
macOS High Sierra 10.13 Supplemental Update is now available
and addresses the following:
StorageKit
Available for: macOS High Sierra 10.13
Impact: A local attacker may gain access to an encrypted APFS volume
Description: If a hint was set in Disk Utility when creating an APFS encrypted volume, the password was stored as the hint. This was addressed by clearing hint storage if the hint was the password, and by improving the logic for storing hints. CVE-2017-7149: Matheus Mariano of Leet Tech Security
Available for: macOS High Sierra 10.13
Impact: A malicious application can extract keychain passwords
Description: A method existed for applications to bypass the
keychain access prompt with a synthetic click. This was addressed by
requiring the user password when prompting for keychain access.
CVE-2017-7150: Patrick Wardle of Synack
New downloads of macOS High Sierra 10.13 include the security
content of the macOS High Sierra 10.13 Supplemental Update.
Installation note:
macOS High Sierra 10.13 Supplemental Update may be obtained from the
Mac App Store or Apple’s Software Downloads web site:
https://www.apple.com/support/downloads/
