TweakTown

Another Mac security issue exposes Lion login passwords in plaintext

Apple security flaw exposes user login passwords in plaintext

Hacking & Security News | Posted: May 7, 2012 3:29 pm

This year, so far, has not exactly been a stunning display for Macs. Between the Flashback malware and now this, it really shows just how weak the security of Mac OS X is. The latest blunder by Apple and its security team is that they turned on a debug log file which stores the user's password in plaintext outside of the encrypted area.

 


 

If you were using FileVault prior to upgrading to Lion, this affects you, and it may be time to think about changing your passwords. FileVault 2 users (whole drive encryption) are not affected by this accident. Additionally, if you have Time Machine backups, the plaintext log file has stored your password for the long term.

 

Security researcher David Emery explains:

 

"This is worse than it seems, since the log in question can also be read by booting the machine into FireWire disk mode and reading it by opening the drive as a disk or by booting the new-with-LION recovery partition and using the available superuser shell to mount the main file system partition and read the file. This would allow someone to break into encrypted partitions on machines they did not have any idea of any login passwords for."

 

Ironically, someone had posted on the Apple Support Communities after he noticed the flaw exactly 3 months ago. Not a single person had gotten back to him. This highlights Apple's quality assurance problems. This needs to be fixed fast. But even after a patch is released, it will be impossible to make sure all copies of the log file are deleted, so remember to change your password!

NEWS SOURCE
Zdnet.com
