Bugged: Apple OSX Storing Passwords In Plain Text

X

Apple’s recent OS X Lion suffers from a security flaw that exposes passwords in plain text.

An Apple programmer has accidentally left a debug flag in OS X Lion software which can cause passwords to appear in plain text debug log files.

Apple customers who use encryption software FileVault prior to the 10.7.3 build will be affected, with Mashable reporting those who have upgraded to FileVault 2 are not.

Apple hasn’t issued a fix yet, so changing your passwords won’t help seeing as they’ll end up in an insecure debug file too.

The flaw was spotted by David Emery, a security researcher, and enables anyone with a computer’s admin password to retrieve other user’s credentials.

“This is worse than it seems, since the log in question can also be read by booting the machine into firewire disk mode and reading it by opening the drive as a disk or by booting the new-with-LION recovery partition and using the available superuser shell to mount the main file system partition and read the file. This would allow someone to break into encrypted partitions on machines they did not have any idea of any login passwords for,” claims Emery.

en us WD MyPassportSSD WEB BNR 728x90 Final Sustain V2 Bugged: Apple OSX Storing Passwords In Plain Text
ARL0335 Arlo Pro 4 Banner 728x90 FA scaled Bugged: Apple OSX Storing Passwords In Plain Text
SmartHouse Yoga Slim Carbon 728 x 90 Bugged: Apple OSX Storing Passwords In Plain Text
Versa3 Leaderboard 728x90 Bugged: Apple OSX Storing Passwords In Plain Text
Wave 728x90px Bugged: Apple OSX Storing Passwords In Plain Text
LB 728x90 Bugged: Apple OSX Storing Passwords In Plain Text
Olimpia Splendid Unico Cooling 728x90 Bugged: Apple OSX Storing Passwords In Plain Text
Flick of a switch 728x90 1 Bugged: Apple OSX Storing Passwords In Plain Text
Uniden PRO 728 x 90 Bugged: Apple OSX Storing Passwords In Plain Text
728x90 Bugged: Apple OSX Storing Passwords In Plain Text


YOU MAY ALSO LIKE