Mac OS X Bug Exposes Lion Login Details


In a recent Lion security update that was part of Mac OS X 10.7.3, Apple managed to roll out a debug file that, in some very specific configurations, can leave passwords stored in a log file in clear text.

Fortunately, few people will be affected. To be hit by the problem, you need to have used FileVault encryption prior to Lion, then upgraded to Lion while keeping the folders encrypted with the legacy version of FileVault. If you did, the OS X 10.7.3 update will have turned on a debug log file outside the encrypted area of the operating system, and that file will be storing user passwords in plain text. Security researcher David Emery explains:

“This is worse than it seems, since the log in question can also be read by booting the machine into FireWire disk mode and reading it by opening the drive as a disk or by booting the new-with-LION recovery partition and using the available superuser shell to mount the main file system partition and read the file. This would allow someone to break into encrypted partitions on machines they did not have any idea of any login passwords for.”

So far, Apple has not fixed the bug in any subsequent update. [ZDNet]
