Password Security Hole Discovered in Certain FileVault Configurations on OS X 10.7.3
ZDNet reports on the discovery of a significant breach of password security for certain users of Apple's FileVault encryption system under OS X Lion. Affected systems currently store the login information for every recent user of the machine in plain text, allowing for easy circumvention of encryption.
In specific configurations, applying OS X Lion update 10.7.3 turns on a system-wide debug log file that contains the login passwords of every user who has logged in since the update was applied. The passwords are stored in clear text.
Anyone who used FileVault encryption on their Mac prior to Lion, upgraded to Lion, but kept the folders encrypted using the legacy version of FileVault is vulnerable. FileVault 2 (whole disk encryption) is unaffected.
The issue was noted last Friday by David Emery on the Cryptome mailing list.
This is worse than it seems, since the log in question can also be read by booting the machine into firewire disk mode and reading it by opening the drive as a disk or by booting the new-with-LION recovery partition and using the available superuser shell to mount the main file system partition and read the file. This would allow someone to break into encrypted partitions on machines they did not have any idea of any login passwords for.
Emery also offers some suggestions for dealing with the issue, including turning on FileVault 2 and setting a firmware password on the machine in question.
The issue was actually first noted in the Apple discussion forums back on February 6, just days after OS X 10.7.3 was released to the public. That poster now notes that the issue may extend further than just the specific FileVault situation outlines by others, as he notes that he has experienced the same behavior on an OS X Lion virtual machine through VMware Fusion, without FileVault ever having been active on the installation. Consequently, the extent of the issue may not yet be fully known.
Apple has yet to offer any response to the issue, although it is unclear when the company became aware of it. Apple touts the security features of OS X Lion in its promotional materials for the operating system, with a focus on FileVault as an important component of that security, and it seems likely that the company will move as quickly as possible to investigate and fix the issue.
Popular Stories
Bloomberg's Mark Gurman expects Apple to release new AirPods Pro this year, and he said the earbuds will have a key new feature: heart rate monitoring.
From his Power On newsletter today, with emphasis added:As for Apple's other devices, there's a lot in the fall pipeline — though many of the new products are only incremental upgrades.
There will be Apple Watch updates, faster Vision...
Apple's iPhone 17 Pro and iPhone 17 Pro Max should be unveiled in a few more weeks, and there are plenty of rumors about the devices.
In his Power On newsletter today, Bloomberg's Mark Gurman corroborated a rumor that iPhone 17 Pro models will be "available in an orange color."
Below, we recap key changes rumored for the iPhone 17 Pro models:
Aluminum frame: iPhone 17 Pro models are...
Apple will offer the upcoming iPhone 17 Pro and iPhone 17 Pro Max in a new orange color, according to Bloomberg's Mark Gurman.
Gurman made the claim in the latest edition of his Power On newsletter, adding that the new iPhone 17 Air – replacing the iPhone 16 Plus – will come in a new light blue color.
We've heard multiple rumors about a new iPhone 17 Pro color being a shade of orange. The ...
Apple has "considered" releasing a bumper case for the upcoming iPhone 17 Air, according to Bloomberg's Mark Gurman.
Similar to the bumper case that Apple introduced for the iPhone 4 in 2010, Gurman said the iPhone 17 Air version of the case would cover the edges of the device, but not the back of it. Those bumper cases were made of rubber.
Given that the iPhone 17 Air is expected to have ...
Apple will hold its annual iPhone-centric event on Tuesday, September 9 at the Apple Park campus in Cupertino, California, according to an announcement that went out today. The event will start at 10:00 a.m., with select members of the media invited to attend.
At the September 2025 iPhone event, Apple will unveil the iPhone 17 lineup, which includes an all-new ultra-thin iPhone 17 Air. It...
Apple today announced its "Awe Dropping" iPhone-centric event, which is set to take place on Tuesday, September 9 at 10:00 a.m. Pacific Time. There are a long list of products that are coming, but we thought we'd pull out five feature highlights to look forward to.
That Super Thin iPhone - Apple's September 9 event will see the unveiling of the first redesigned iPhone we've had in years, ...
We're only weeks away from Apple's annual iPhone event – rumored to take place on September 9 – and along with the new iPhone 17 series, we're going to get a new version of the Apple Watch Ultra for the first time since 2023.
By the time the Ultra 3 is unveiled, it will have been two years since the previous model arrived. The intervening period has left plenty of room for enhancements,...
Apple hasn't updated the AirPods Pro since 2022 other than a shift from Lightning to USB-C, and the earbuds are due for a refresh. According to Bloomberg's Mark Gurman, Apple will launch AirPods Pro 3 later this year, and apart from new features like heart rate monitoring, we're also expecting a few design changes.
The fourth‑generation AirPods offer useful clues to Apple's design cues for ...
