Latest in 10.7.3

Image credit:

OS X Lion update accidentally outs user passwords in plain text, stumbles over FileVault

Share
Tweet
Share

Sponsored Links

Are you an avid user of OS X's FileVault encryption and running a recently updated version of Lion? It may be time to consider changing your passwords. According to security researcher David Emry, users who used FileVault prior to upgrading to 10.7.3 may be able to find their password in a system-wide debug log file, stored in plain text outside of the encrypted area. This puts the password at risk of being read by other users or enterprising cyber criminals, Emry explains, and even opens the door for new flaw-specific malware. FileVault 2, on the other hand, seems to be unaffected by the bug. The community doesn't currently have a way to fight the flaw without disabling FileVault, so users rushing to change their password now may find it being logged as well. Obviously, we'll let you all know once we hear back from Apple regarding this matter.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Share
Tweet
Share

Popular on Engadget

Presenting the Best of CES 2021 winners!

Presenting the Best of CES 2021 winners!

View
Donald Trump pardons ex-Waymo, Uber engineer Anthony Levandowski

Donald Trump pardons ex-Waymo, Uber engineer Anthony Levandowski

View
LG considers leaving the mobile business

LG considers leaving the mobile business

View
Mercedes-Benz' EQA crossover is its first sub-$50,000 EV

Mercedes-Benz' EQA crossover is its first sub-$50,000 EV

View
Korg teases Drumlogue, a hybrid analog / digital groovebox

Korg teases Drumlogue, a hybrid analog / digital groovebox

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr