
Apple's OS X Lion Update Has Exposed Encrypted Passwords for Three Months

By Sara Yin, Junior software analyst


Mac OSX Lion

Last Friday, a security researcher warned Mac users of a programming oversight in Mac OSX 10.7 Lion that exposed encrypted passwords.

According to an email from David Emery, owner of DIE Consulting in Massachusetts, Apple accidentally left a debug option on in FileVault, OSX’s legacy encryption software.

As a result, the login password of any user who had logged in since the update in early February was saved in plain text in a log file outside the encrypted area. In other words, anyone with administrator access to your computer—which could be anyone if you never log out of your account—can read the file containing the password and log into the encrypted part of your disk.

The vulnerability affects FileVault users who upgraded from Snow Leopard (OSX 10.6) to Lion 10.7.3, but did not migrate to FileVault 2, the full-disk encryption software that came with Lion. According to Sophos, it does not appear to affect systems that started with Lion and upgraded to OSX 10.7.3. 

"This is worse than it seems, since the log in question can also be read by booting the machine into firewire disk mode and reading it by opening the drive as a disk or by booting the new-with-LION recovery partition and using the available superuser shell to mount the main file system partition and read the file," Emery wrote.

Emery also noted that affected users who’ve also been backing up their data with Time Machine are essentially storing their unencrypted passwords over and over again.

Lion users should immediately activate FileVault 2, which can be found in the Security & Privacy setting in System Preferences. Click the FileVault tab to enable.

And hopefully, after an unacceptable delay in patching a Java vulnerability left hundreds of thousands of OS X users infected with Flashback last month, Apple will patch this three-month-old vuln sooner rather than later.

In late April, Flashback authors tweaked the Trojan's code slightly to elude Apple's legacy anti-malware tool, XProtect. Many security researchers have criticized XProtect for offering insufficient protection, as it relies on exact fingerprints of the malware and can be bypassed with a slight change to malicious code. XProtect was originally released last May as part of Snow Leopard OS X 10.6, in response to weeks of media coverage over another enduring piece of Mac malware called MacDefender.
