“The supplemental macOS High Sierra 10.13 update addresses a software vulnerability that could expose the passwords of encrypted Apple File System volumes in plain text in Disk Utility,” Clover reports. “Apple has released a support document alongside the Supplemental Update that walks users through the process of protecting their data if macOS High Sierra is showing a password instead of a password hint on an encrypted APFS volume.”
Clover reports, “A separate security support document says that the update also fixes a vulnerability that could let a hacker steal the usernames and passwords of accounts stored in Keychain using a malicious third-party app.”
Read more in the full article here.
MacDailyNews Note: The update can be downloaded using the Software Update function in the Mac App Store. If you are installing High Sierra from the Mac App Store for the first time, Apple has already updated the download to include the changes contained in the supplemental update.