A security flaw rolled out with Apple's latest update to Mac OS X Lion, version 10.7.3, may expose file passwords thought to be protected via Apple's data encryption system.
Under the right conditions, updating a Mac that uses Apple's first version of FileVault to OS X Lion version 10.7.3 switches on a debug log file that records, in clear, unencrypted text, the FileVault passwords of everyone who has logged in since the device was updated, reports ZDNet. Security researcher David Emery first uncovered the flaw in a May 5 post to a mailing list run by Cryptome, a website that publishes documents on cryptology, national security, intelligence and more.
According to InfoWorld, Apple's first version of FileVault allowed users to encrypt only the contents of their home folder, while the updated FileVault 2, released with OS X Lion, can encrypt the contents of a user's entire hard drive. So far, only those still using the first version of FileVault who have applied the OS X Lion 10.7.3 update appear to be at risk from this flaw, which, ZDNet writes, is the result of an Apple programmer's accidental mistake.
"A mistake like this exposes more or less the keys to the kingdom to someone with literally no access to a supposedly secured area on a machine, and maybe nothing more than chance physical access to a target's laptop for a few unguarded minutes," Emery told InfoWorld.
Sophos senior security advisor Chester Wisniewski explained in a May 6 blog post that because the debug log file containing your FileVault passwords is stored outside of the encrypted area of your device, anyone who gains access to your disk drive -- whether through theft, malware, or physical access -- can open the file and, using the passwords, access the encrypted contents of your drive. This error should be particularly troubling to those who share one device with several other users and rely on data encryption to protect their sensitive information.
Wisniewski suggests that using Apple's FileVault 2 might protect the data that had previously been exposed by encrypting one's entire disk drive. And, as The Daily Mail points out, if you feel you might be at risk, you can change your FileVault passwords and delete the debug log file, named "/var/log/secure.log," from your disk drive as soon as possible; thankfully, by default, the file is only kept for several weeks.
However, those who haven't also encrypted their backups may find the debug log file copied into Time Machine, the Mac's backup utility, making it even harder to permanently get rid of the file and the FileVault passwords it contains.
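The clean-up the article describes has two parts: removing the local log (and any rotated copies of it) and finding the copies Time Machine has already taken. The script below, added here as an illustration and not code from the article or from Apple, inventories both before anything is deleted. It assumes the log is rotated alongside the original under names beginning with secure.log, and that a Time Machine backup set lives under Backups.backupdb/<Mac name>/<date>/<volume>/ on the backup drive; neither detail is stated in the article.

```bash
#!/bin/bash
# Added example, not from the article: locate every copy of the OS X Lion
# 10.7.3 debug log that may hold legacy-FileVault passwords, then delete the
# local copies only after an explicit confirmation.
#
# Assumptions (not stated in the article): rotated copies sit beside the log
# with names like secure.log.0.bz2; a Time Machine backup set is laid out as
# <backup volume>/Backups.backupdb/<Mac name>/<date>/<volume>/var/log/.

# List secure.log and its rotated copies under a log directory (default /var/log).
find_exposed_logs() {
    local log_dir="${1:-/var/log}"
    find "$log_dir" -maxdepth 1 -type f -name 'secure.log*' 2>/dev/null | sort
}

# List copies of the same log inside a Time Machine backup set.
find_tm_copies() {
    local tm_root="$1"   # e.g. /Volumes/Backup/Backups.backupdb/MyMac
    find "$tm_root" -type f -path '*/var/log/secure.log*' 2>/dev/null | sort
}

# Total number of copies still on disk, local and backed up.
count_copies() {
    { find_exposed_logs "$1"; find_tm_copies "$2"; } | wc -l | tr -d ' '
}

# Overwrite-then-delete the local copies. macOS rm -P overwrites the file
# before unlinking; elsewhere fall back to a plain rm. Without CONFIRM=yes this
# is a dry run that only lists what would be removed. Copies inside a Time
# Machine backup are listed, never touched here: remove them through Time
# Machine itself, then rotate the FileVault password as the article advises.
wipe_local_copies() {
    local log_dir="$1" f
    if [ "$CONFIRM" != "yes" ]; then
        echo "dry run: set CONFIRM=yes to delete the files below" >&2
        find_exposed_logs "$log_dir"
        return 1
    fi
    find_exposed_logs "$log_dir" | while IFS= read -r f; do
        rm -P "$f" 2>/dev/null || rm -f "$f"
    done
}
```

Run `count_copies /var/log /Volumes/<backup>/Backups.backupdb/<Mac name>` until it reports 0; while a Time Machine copy remains, the password in it is still recoverable.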
"Let's hope Apple is able to fix this problem quickly," writes Wisniewski. "However, the possibility that the plain text password has been backed up and the difficulty of ensuring both copies and the original plain text password are securely erased means retrieval could still be possible even after the fix is applied."
Do you have any tips to share with other Mac users on how they can protect their device? Let us know in the comments below!