Apple shutters FileVault password hole

Powered by SC Magazine
 

Urges users to mop up logs.

Apple has patched an OS X flaw that enabled FileVault passwords to be viewed in clear text.

The flaw (CVE-2012-0652) meant that a debugging feature would log OS X Lion passwords but only under specific conditions.

Those logs would detail clear text legacy FileVault passwords for every user who logged in since the update was applied.

It was introduced in the update 10.7.3.

And while the latest update 10.7.4 fixed the issue, already captured passwords may not be erased. “The sensitive information may persist in saved logs after installation of this update,” Apple said in its notice.

Apple recommended users remove logged passwords by first updating OS X, changing user account passwords, then running in Terminal:

sudo srm --force --simple /var/log/secure.log

sudo srm --force --simple /var/log/secure.log.{0,1,2,3,4,5}.bz2

find -xX /var/log/asl | grep ".U0.G80" | xargs sudo srm --force --simple

The OS X log-in screen was not enough to safeguard logged passwords.

Security researcher David Emery pointed out that attackers could bypass the log-in screen by “booting the machine into firewire disk mode and reading it by opening the drive as a disk or by booting the new-with-LION recovery partition and using the available superuser shell to mount the main file system partition”.

Copyright © SC Magazine, Australia


Apple shutters FileVault password hole
 
 
 
Top Stories
Abbott brings back Science minister in cabinet reshuffle
Science tacked onto to Industry title.
 
Beyond ACORN: Cracking the infosec skills nut
[Blog post] Could the Government's cybercrime focus be a catalyst for change?
 
The iTnews Benchmark Awards
Meet the best of the best.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  38%
 
Your insurance company
  4%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  3%
 
A Federal Government agency (ATO, Centrelink etc)
  19%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 1903

Vote
Do you support the abolition of the Office of the Information Commissioner?