| Apple Mac OS X Password Security Issue Exposed
|
engine
msg:4450299 | 11:39 am on May 7, 2012 (gmt 0) |
Apple Mac OS X Password Security Issue Exposed [zdnet.com] An Apple programmer, apparently by accident, left a debug flag in the most recent version of the Mac OS X operating system. In specific configurations, applying OS X Lion update 10.7.3 turns on a system-wide debug log file that contains the login passwords of every user who has logged in since the update was applied. The passwords are stored in clear text.
Anyone who used FileVault encryption on their Mac prior to Lion, upgraded to Lion, but kept the folders encrypted using the legacy version of FileVault is vulnerable. FileVault 2 (whole disk encryption) is unaffected.
|
|
|
lucy24
msg:4450364 | 3:33 pm on May 7, 2012 (gmt 0) |
Have you ever looked at the list of bug fixes that are only publicized after the relevant OS security upgrade has been applied? It's enough to make your blood run cold.
|
|
|
