Posted on Monday, May 07 2012 @ 20:49 CEST by Thomas De Maesschalck
The Tech Report
reports a bug in Mac OS X 10.7.3 can lead to the operating system generating a debug log file that contains the login passwords of every user who has logged in since the update came out on February 1st. The bug was discovered and reported to Apple less than a week later, but the firm has done nothing yet to resolve it.
As ZDNet reports, OS X 10.7.3 spits out a debug log file containing "the login passwords of every user who has logged in since the update was applied." The file isn't generated on all configurations. However, "anyone who used FileVault encryption on their Mac prior to Lion, upgraded to Lion, but kept the folders encrypted using the legacy version of FileVault" could be affected. ZDNet quotes security researcher David Emery, who says the log files can be accessed by third parties in a variety of ways:
This is worse than it seems, since the log in question can also be read by booting the machine into firewire disk mode and reading it by opening the drive as a disk or by booting the new-with-LION recovery partition and using the available superuser shell to mount the main file system partition and read the file. This would allow someone to break into encrypted partitions on machines they did not have any idea of any login passwords for.
