The password for an encrypted APFS volume can be retrieved by running e executing the following ‘newfs_apfs’ command in the terminal: log stream -info -predicate 'eventMessage contains "newfs_"'Įdwards updated his post to highlight that he has discovered similar log entries in another system log that is more persistent. around is to install Catalina on an APFS encrypted drive, D50 Game Dock. This means that anyone with access to the machine can see passwords stored in plaintext, the experts also warned that a malware could be used to collect log files to gather passphrase. If APFS is not available then the drive is in MBR and not GUID Partition Map. (The new class images have a WarGames theme, hence the shout-outs to classic video games!)” “It may not be noticeable at first (apart from the highlighting I’ve added of course), but the text “frogger13” is the password I used on a newly created APFS formatted FileVault Encrypted USB drive with the volume name “SEKRET”. “I’ve been updating my course (Mac and iOS Forensics and Incident Response) to use new APFS disk images (APFS FTW!) and came across something that both incredibly useful from a forensics perspective but utterly horrifying from a security standpoint. Screenshot below of my course disk image.” states the blog post published by Edwards. The flaw leaves encryption password for a newly created APFS volume in the unified logs in plaintext, it also allows encrypting previously created but unencrypted volumes. APFS is optimized for flash solid-state drive storage, it aims to improve encryption and performance. A security expert discovered severe security issues in APFS file system for macOS High Sierra that expose passwords of encrypted external drives in plain text.Ī vulnerability in APFS file system for macOS High Sierra operating system has been discovered by forensic analyst Sarah Edwards.Īccording to Edwards, the flaw exposes passwords of encrypted external drives in plain text.Īpple File System (APFS) is a proprietary file system for macOS High Sierra and later, iOS 10.3 and later, tvOS 10.2 and later, and watchOS 3.2 and later, developed and deployed by Apple Inc.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |