Apple Issues Emergency Patch to Fix Password Leak in Disk Encryption Utility

LASER_oneXM
Thread author
Feb 4, 2016
Earlier today, Apple issued an emergency update for macOS High Sierra to address a bug that exposed the passwords of encrypted APFS volumes via the password hint feature.

The bug was discovered earlier today by Brazilian security researcher Matheus Mariano of Leet Tech, who also published the YouTube video embedded below.
The issue occurs only on macOS High Sierra when users add a new encrypted APFS volume to their container.
When the user mounts the APFS volume and is asked to enter the password before being able to access the data, pressing the password hint button displays the user's password instead of the hint.

Only Macs with SSD drives and APFS volumes are affected
The bug only takes place if the user has entered a password hint. Users who did not enter a password hint are not affected.

The problem also affects only Macs with SSD drives, where Apple's new APFS filesystem is supported.

Before disclosing the bug earlier today in a Medium post, Mariano said he informed Apple of the issue.