OS X Lion update exposed encryption passwords

OS X Lion update exposed encryption passwords
Debug option accidentally left enabled.

Last last week, it emerged that an OS X Lion security update released in February, 10.7.3, had a flaw relating to the FileVault encryption feature. A debug option appears to have been left enabled by an engineer, which resulted in users' FileVault passwords being saved in a plain-text log file.



The file is accessible outside the encrypted area by anyone with access to the disk, or by malware that knows where to look. Not everybody will be affected though.

According to Sophos, the issue affects those who used the FileVault encryption option for their home directories with Snow Leopard. It does not impact users who did not upgrade from Snow Leopard. It also does not affect users of FileVault2 or those who have full disk encryption enabled.

Vulnerable users who opt not to encrypt their Time Machine backups also risk replicating the log file in their backups.

Written by: James Delahunty @ 8 May 2012 17:47
Tags
Apple
Advertisement - News comments available below the ad
  • 2 comments
  • shummyr

    Im not suprised

    8.5.2012 20:42 #1

  • LordRuss

    Stuff just writes itself... literally.

    http://onlyinrussellsworld.blogspot.com

    9.5.2012 12:06 #2

© 2024 AfterDawn Oy

Hosted by
Powered by UpCloud