
Encryption passwords exposed by Apple's Lion OS X update

07 May 2012

Apple exposed encryption passwords of FileVault users in its Lion OS X 10.7 security update, says researcher.

In the February Lion OS X 10.7 update, a debug option was apparently left enabled in FileVault, resulting in users’ passwords being saved in plain text in a log file accessible outside the encrypted areas, David Emery, head of Die Consulting, explained in an email to Cryptome.

“Anyone who can read files accessible to group admin can discover the login passwords of any users of legacy (pre-Lion) FileVault home directories who have logged in since the upgrade to 10.7.3 in early February 2012”, Emery said.

“This is worse than it seems, since the log in question can also be read by booting the machine into firewire disk mode and reading it by opening the drive as a disk or by booting the new-with-Lion recovery partition and using the available superuser shell to mount the main file system partition and read the file. This would allow someone to break into encrypted partitions on machines they did not have any idea of any login passwords for”, he added.

Emery explained that users can partially protect themselves by using FileVault2 with full disk encryption.
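The flaw described above is a plaintext credential landing in a log file that the admin group can read. The following is an added example, not code from the article or from Apple, of the kind of check a defender can run on their own logs: scan lines for credential-shaped fields, redact the values in the report, and flag files whose permission bits let group or other users read them. The log lines and field names are constructed for this example and do not reflect Apple's actual log format.

```python
"""Added example (not from the article): scan log files for plaintext
credential fields and report who, besides the owner, can read the file.
Sample log lines and field names below are constructed, not Apple's format."""
import os
import re
import stat
import tempfile

# Hypothetical credential-bearing field names. The scanner only ever reports
# a redacted value so it does not copy the secret anywhere itself.
CREDENTIAL_PATTERNS = [
    re.compile(r"\b(password|passwd|pwd)\s*[=:]\s*(\S+)", re.IGNORECASE),
    re.compile(r"\b(secret|token)\s*[=:]\s*(\S+)", re.IGNORECASE),
]


def redact(value):
    """Keep the first character, mask the rest, so a finding is recognisable
    without the report becoming a second copy of the secret."""
    return value[:1] + "*" * (len(value) - 1) if value else ""


def scan_lines(lines):
    """Return (line_number, field_name, redacted_value) for every line that
    looks like it carries a plaintext credential."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        for pattern in CREDENTIAL_PATTERNS:
            match = pattern.search(line)
            if match:
                findings.append((lineno, match.group(1).lower(), redact(match.group(2))))
                break  # one finding per line is enough for triage
    return findings


def exposure_of(mode):
    """Classify a file's permission bits: which non-owner classes can read it.
    A leaked password is only as exposed as the file holding it."""
    readers = []
    if mode & stat.S_IRGRP:
        readers.append("group")
    if mode & stat.S_IROTH:
        readers.append("other")
    return readers


def scan_log_file(path):
    """Scan one log file and combine content findings with its permission exposure."""
    with open(path, "r", errors="replace") as fh:
        findings = scan_lines(fh.read().splitlines())
    readers = exposure_of(os.stat(path).st_mode)
    return {"path": path, "findings": findings, "readable_by": readers}


# Constructed sample log: two normal auth lines and two debug lines that leak.
SAMPLE_LOG = [
    "May 07 09:12:01 host authd[210]: session opened for user alice",
    "May 07 09:12:01 host debug: mount legacy home user=alice password=hunter2",
    "May 07 09:13:44 host authd[210]: session opened for user bob",
    "May 07 09:13:44 host debug: token: abc123",
]


def demo():
    """Write the constructed log to a temp file with group-readable permissions
    (the situation the article describes) and scan it."""
    with tempfile.NamedTemporaryFile("w", delete=False, suffix=".log") as tmp:
        tmp.write("\n".join(SAMPLE_LOG) + "\n")
        path = tmp.name
    os.chmod(path, 0o640)  # owner rw, group r
    try:
        return scan_log_file(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    report = demo()
    for lineno, field, value in report["findings"]:
        print(f"line {lineno}: field '{field}' holds a plaintext value ({value})")
    print("readable by:", ", ".join(report["readable_by"]) or "owner only")
```

Running the block reports two leaking lines and notes that the file is group-readable. A finding on a log that is readable by group or other is the case that matters most: as the Sophos advice in the article points out, once such a log exists (and may have been backed up), the credential should be treated as compromised rather than merely cleaned up.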

Commenting on the revelation, Chester Wisniewski, senior security advisor at Sophos, wrote in a Naked Security blog: “Let's hope Apple is able to fix this problem quickly. However, the possibility that the plain text password has been backed up and the difficulty of ensuring both copies and the original plain text password are securely erased means retrieval could still be possible even after the fix is applied. Once Apple users receive and apply the fix, they would be well advised to consider this password compromised, change it and ensure it is not used on any other systems.”

This article is featured in:
Application Security  •  Encryption  •  Identity and Access Management  •  Internet and Network Security
