AfterDawn: Tech news

OS X Lion update exposed encryption passwords

Written by James Delahunty (Google+) @ 08 May 2012 17:47 User comments (2)

OS X Lion update exposed encryption passwords Debug option accidentally left enabled.
Last last week, it emerged that an OS X Lion security update released in February, 10.7.3, had a flaw relating to the FileVault encryption feature. A debug option appears to have been left enabled by an engineer, which resulted in users' FileVault passwords being saved in a plain-text log file.

The file is accessible outside the encrypted area by anyone with access to the disk, or by malware that knows where to look. Not everybody will be affected though.

According to Sophos, the issue affects those who used the FileVault encryption option for their home directories with Snow Leopard. It does not impact users who did not upgrade from Snow Leopard. It also does not affect users of FileVault2 or those who have full disk encryption enabled.

Vulnerable users who opt not to encrypt their Time Machine backups also risk replicating the log file in their backups.

Tags: Apple
Previous Next  

2 user comments

18.5.2012 20:42

Im not suprised

29.5.2012 12:06

Stuff just writes itself... literally.

Comments have been disabled for this article.

News archive