Bug in Version 10.7.3 of Mac OS X (Lion) could allow access to files stored in previous version of FileVault

In the last 24 hours, a programming error has been identified in the Apple OS X 10.7.3 operating system update issued on February 3. The error could allow an attacker to decrypt information stored in the previous version of Apple’s encryption package, FileVault. A source indicated that a debug switch inadvertently left on in version 10.7.3 of the Lion operating system records, in clear text, the password needed to open the folder encrypted by the previous version of FileVault. Users who upgraded to Lion 10.7.3 but are still using the previous version of FileVault are vulnerable.

At this time, no details have been provided regarding when a patch is expected from Apple. According to Secunia, the workaround suggested by the vendor is to update to FileVault 2.

http://secunia.com/advisories/49039/

Solution

As a workaround, use FileVault 2 (which requires full disk encryption).

http://www.apple.com/macosx/whats-new/features.html?siclientid=5899&sessguid=7338a84c-4c3c-4f2c-a804-3df607e6f57d&userguid=7338a84c-4c3c-4f2c-a804-3df607e6f57d&permguid=7338a84c-4c3c-4f2c-a804-3df607e6f57d#filevault2

This content will be updated as new information is provided.

Apple update to OS X Lion exposes encryption passwords

Apple engineering mistake exposes clear-text passwords for Lion

Apple security blunder exposes Lion login passwords in clear text

Summary: With the latest Lion security update, Mac OS X 10.7.3, Apple has accidentally turned on a debug log file outside of the encrypted area that stores the user’s password in clear text.

Update – May 10

The security update released on May 9 resolves this vulnerability.

http://ait-security.tamu.edu/2012/05/10/security-update-issued-for-apple-os-x-lion-and-snow-leopard-2/
