Apple has patched an OS X flaw that enabled FileVault passwords to be viewed in clear text.
The flaw (CVE-2012-0652) meant that a debugging feature would log OS X Lion passwords but only under specific conditions.
It was introduced in the update 10.7.3.
And while the latest update 10.7.4 fixed the issue, already captured passwords may not be erased. “The sensitive information may persist in saved logs after installation of this update,” Apple said in its notice.
The OS X log-in screen was not enough to safeguard logged passwords.
Security researcher David Emery pointed out that attackers could bypass the log-in screen by “booting the machine into firewire disk mode and reading it by opening the drive as a disk or by booting the new-with-LION recovery partition and using the available superuser shell to mount the main file system partition”.