Bug in Version 10.7.3 of Mac OS-X (lion) could allow access to files stored in previous version of FileVault
In the last 24 hours, an error in programming has been identified in the Apple OS-X 10.7.3 Operating System Update issued on February 3. The error could allow an attacker to decrypt information stored in the previous version of Apple’s encryption package – FileVault. A source indicated that a debug switch inadvertently left on in version 10.7.3 of the Lion Operating System records in clear text, the password needed to open the folder encrypted by the previous version of FileVault. Users that upgraded to the 10.7.3 Lion version but are using the previous version of FileVault are vulnerable.
At this time, no details have been provided regarding when a patch is expected from Apple. According to Secunia, the workaround suggested by the vendor is to update to FileVault2
As a workaround use FileVault 2 (which requires full disk encryption)
This content will be updated as new information is provided.
Apple update to OS X Lion exposes encryption passwords
Apple engineering mistake exposes clear-text passwords for Lion
Apple security blunder exposes Lion login passwords in clear text
Summary: With the latest Lion security update, Mac OS X 10.7.3, Apple has accidentally turned on a debug log file outside of the encrypted area that stores the user’s password in clear text.
Update – May 10
The security update released on May 9 resolves this vulnerability