Skip to main content

Engineering mistake exposes Lion passwords in clear-text

posted onMay 7, 2012
by l33tdawg

Apple's latest update to OS X contains a dangerous programming error that reveals the passwords for material stored in the first version of FileVault, the company's encryption technology, a software consultant said.

David I. Emery wrote on Cryptome that a debugging switch inadvertently left on in the current release of Lion, version 10.7.3, records in clear text the password needed to open the folder encrypted by the older version of FileVault.

Users who are vulnerable are those who upgraded to Lion but are using the older version of FileVault. The debug switch will record the Lion passwords for anyone who has logged in since the upgrade to version 10.7.3, released in early February. "This is what the secure FileVault partition was supposed to protect against after all," Emery said in an interview.

Source

Tags

Security Apple OS X

You May Also Like

Recent News

Friday, January 19th

Thursday, January 18th

Monday, January 15th

Friday, January 12th

Thursday, January 11th

Wednesday, January 10th