
Apple OS X Lion update dumps FileVault passwords to plain text

by Alistair Lowe on 7 May 2012, 09:37

Tags: Apple (NASDAQ:AAPL)


Whilst past reports on Mac OS X security have never shown Apple's flagship operating system to be the most secure of software, Mac users may be particularly surprised this time to learn that if they used Apple's FileVault to store their passwords before updating to OS X Lion and, eventually, 10.7.3, there is a chance that their passwords have been left out in the open, in plain text, sitting in a debug log file.

The flaw is caused by a rogue debug flag set by one of Apple's programmers. Users who had encrypted data with FileVault before upgrading to OS X Lion will have held on to the older version of FileVault in order to retain that encrypted data, and it is these users who are affected by the programming error; users of the new FileVault 2 disk-wide encryption are unaffected. Mind you, reports earlier this year also showed that, despite its encryption, FileVault 2 can be brute-force hacked in just 40 minutes through the use of live memory analysis.

Currently, the only way for users to ensure that the issue doesn't repeat itself is to disable FileVault altogether, exposing their encrypted data. This bug affects Time Machine backups too, so any historical backup also exposes the passwords and remains a risk if stolen.

We wonder what virus/trojan will, inevitably, be the first to exploit this flaw?



HEXUS Forums :: 7 Comments

Wow, that's a pretty big flaw to let slip wild, let's see how long it takes for a fix - if indeed it's even possible to fix given that old backups need purging of the offending file.
Fail.
kingpotnoodle
Wow, that's a pretty big flaw to let slip wild, let's see how long it takes for a fix - if indeed it's even possible to fix given that old backups need purging of the offending file.

It is a tad of a fail, can they not just release a hotfix to change the debug setting that was causing it!
Masterclass in why not to use password vault software.

Butuz
Butuz
Masterclass in why not to use password vault software.

Butuz

Is Apple's FileVault a password vault though? I thought it was more like a proprietary TrueCrypt?