[MacTUG] High Sierra supplemental update (Oct 5)
Jim Johnston
jjohnston at uwaterloo.ca
Tue Oct 10 14:17:00 EDT 2017
>From today's SANS NewBites (Vol. 18, Num. 080):
High Sierra Supplemental Update Fixes Password Exposure Flaws
(October 6, 2017)
On Thursday, October 5, Apple released a supplemental update to fix two vulnerabilities in the newly-released macOS High Sierra 10.13. One of the flaws could be exploited to steal passwords from the macOS keychain. The second flaw lies in the StorageKit library. If a user sets a password hint in Disk Utility while creating an APFS-encrypted volume, the hint displays the actual password in plaintext.
Read more in:
- www.scmagazine.com<http://www.scmagazine.com/apple-issues-new-security-update-for-macos-high-sierra/article/698537/>: Apple issues new security update for macOS High Sierra
- www.eweek.com<http://www.eweek.com/security/apple-updates-macos-high-sierra-with-patches-for-two-critical-flaws>: Apple Updates macOS High Sierra With Patches for Two Critical Flaws
- threatpost.com<http://threatpost.com/emergency-apple-patch-fixes-high-sierra-password-hint-leak/128314/>: Emergency Apple Patch Fixes High Sierra Password Hint Leak
- support.apple.com<http://support.apple.com/en-us/HT208165>: About the security content of macOS High Sierra 10.13 Supplemental Update
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.uwaterloo.ca/pipermail/mactug/attachments/20171010/3b344653/attachment-0001.html>
More information about the MacTUG
mailing list