Apple has patched an OS X flaw that enabled FileVault passwords to be viewed in clear text.
The flaw (CVE-2012-0652) was a debugging option left enabled in an OS X Lion update, which wrote log-in passwords to the system log, but only for accounts still using legacy FileVault (the pre-Lion home-directory encryption).
Those logs held the clear-text legacy FileVault password of every such user who had logged in since the update was applied.
The logging was introduced by OS X Lion 10.7.3.
The 10.7.4 update stops the logging, but it does not remove passwords that were already written to disk. "The sensitive information may persist in saved logs after installation of this update," Apple said in its notice.
Apple recommended that affected users first update to 10.7.4 (so the passwords are not logged again), then change the passwords of the affected accounts, and finally remove the saved logs by running the following in Terminal:
sudo srm --force --simple /var/log/secure.log
sudo srm --force --simple /var/log/secure.log.{0,1,2,3,4,5}.bz2
find -xX /var/log/asl | grep ".U0.G80" | xargs sudo srm --force --simple
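Before running Apple's srm commands it is worth knowing which files they will destroy and whether those files actually still contain a password. The Python script below is an added example written for this article, not Apple's tool or code from Apple's notice: it selects the same files the three commands above target (secure.log, the rotated secure.log.N.bz2 copies, and ASL files whose names contain ".U0.G80") under a configurable log root, counts the lines in each that match a leak pattern, and renders the matching srm commands as a dry run. The leak pattern (any line mentioning "password"), the log layout under the root, and every sample log line are assumptions constructed for the demo; the real log format is not given in the article.

```python
"""Dry-run triage for the CVE-2012-0652 log cleanup (added example, not Apple's code).

Assumptions not taken from the article: logs live under one root laid out like
/var/log (secure.log, secure.log.N.bz2, asl/*), rotated logs are bzip2 text, and a
leaked password line contains the word "password". All sample log lines are invented.
"""
import bz2
import os
import re
import tempfile

LEAK_RE = re.compile(r"password", re.IGNORECASE)  # assumed triage pattern, not Apple's
ASL_MARKER = ".U0.G80"  # taken from Apple's find | grep command: ASL files for uid 0 / gid 80
ROTATED_INDEXES = range(6)  # secure.log.{0,1,2,3,4,5}.bz2, as in Apple's second command


def collect_targets(log_root):
    """Return the files Apple's three srm commands would remove, rooted at log_root."""
    targets = []
    secure = os.path.join(log_root, "secure.log")
    if os.path.isfile(secure):
        targets.append(secure)
    for n in ROTATED_INDEXES:
        rotated = os.path.join(log_root, "secure.log.%d.bz2" % n)
        if os.path.isfile(rotated):
            targets.append(rotated)
    asl_dir = os.path.join(log_root, "asl")
    if os.path.isdir(asl_dir):
        for dirpath, _, files in os.walk(asl_dir):
            for name in files:
                if ASL_MARKER in name:  # same selection as grep ".U0.G80"
                    targets.append(os.path.join(dirpath, name))
    return sorted(targets)


def read_lines(path):
    """Read a plain or bzip2-compressed log as text; bad bytes are replaced, not fatal."""
    opener = bz2.open if path.endswith(".bz2") else open
    with opener(path, "rt", errors="replace") as f:
        return f.read().splitlines()


def scan_for_leaks(paths):
    """Map each file to the number of lines matching LEAK_RE (0 means nothing found)."""
    return {p: sum(1 for line in read_lines(p) if LEAK_RE.search(line)) for p in paths}


def srm_commands(paths):
    """Render the Apple-style secure-delete command for each selected file (dry run only)."""
    return ["sudo srm --force --simple %s" % p for p in paths]


def build_sample_logs():
    """Create a constructed log tree in a temp dir; every line here is invented for the demo."""
    root = tempfile.mkdtemp(prefix="cve-2012-0652-")
    with open(os.path.join(root, "secure.log"), "w") as f:
        f.write("May  4 09:12:01 mac authorizationhost[221]: DEBUGLOG mount home alice password = hunter2\n")
        f.write("May  4 09:12:02 mac authorizationhost[221]: session opened for alice\n")
    with bz2.open(os.path.join(root, "secure.log.0.bz2"), "wt") as f:
        f.write("May  1 08:00:00 mac authorizationhost[118]: DEBUGLOG mount home bob password = s3cret\n")
    os.makedirs(os.path.join(root, "asl"))
    with open(os.path.join(root, "asl", "2012.05.04.U0.G80.asl"), "w") as f:
        f.write("[Time 2012.05.04 09:12:01] [Message DEBUGLOG password = hunter2]\n")
    with open(os.path.join(root, "asl", "2012.05.04.U501.asl"), "w") as f:  # not selected by Apple's grep
        f.write("[Time 2012.05.04 09:12:05] [Message user login]\n")
    return root


def demo():
    """Run the triage on the constructed tree; returns {relative path: matching line count}."""
    root = build_sample_logs()
    leaks = scan_for_leaks(collect_targets(root))
    return {os.path.relpath(p, root): n for p, n in leaks.items()}


if __name__ == "__main__":
    root = build_sample_logs()
    targets = collect_targets(root)
    for path, hits in scan_for_leaks(targets).items():
        print("%s: %d matching line(s)" % (path, hits))
    print("\n".join(srm_commands(targets)))
```

Point `collect_targets` at a copy of /var/log taken from a Time Machine or other backup to see whether the same files survive there; the srm commands above only touch the live boot volume.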
Because the logs are ordinary files on the boot volume, the OS X log-in screen does nothing to protect them from someone with physical access to the machine.
Security researcher David Emery pointed out that attackers could bypass the log-in screen by “booting the machine into firewire disk mode and reading it by opening the drive as a disk or by booting the new-with-LION recovery partition and using the available superuser shell to mount the main file system partition”.
Copyright © SC Magazine, Australia