mac exposedUsing an Apple computer is generally more secure than a PC, but that does not mean the platform is not vulnerable at all to external attacks. It seems that in the most recent Lion security update, Mac OS X 10.7.3, Apple actually left the debug log file outside of the encrypted area, where your user password is stashed away sans encryption. Translated to plain English, all your passwords are in clear text. This is obviously due to human error, as an Apple programmer actually left a debug flag in the most recent version of the Mac OS X operating system by accident. Under specific configurations, whenever one applies the OS X Lion update 10.7.3, it will turn on a system-wide debug log file which holds the login passwords of all users who logged in ever since the update was applied, and in clear text, no less.

Folks who relied on FileVault encryption on their Mac before making the Lion update, and even after upgrading to Lion, and kept the folders encrypted using the legacy version of FileVault, will be vulnerable. As for the rest who use FileVault 2 (entire disk encryption), you will be safe and not affected in any way. Security researcher David Emery first reported about this flaw after, and says that this bug has yet to be corrected.

Filed in Apple >Computers . Tags: Apple Inc.
User Comments