Update to Mac OS X Lion exposes encrypted password for FileVault
Poor Apple has had a tough few weeks, with several security vulnerabilities and criticism of its slow response to patch them. Now, users who installed update 10.7.3, released in February for OS X Lion, risk having their FileVault password exposed by a debug feature that was accidentally left switched on!
At the moment, this vulnerability only appears to affect OS X Lion users who chose to encrypt their home directories rather than a full disk option. It is not yet known whether users of OS X Snow Leopard or users of FileVault2 are affected.
Developers frequently use diagnostic tools to check that their code is working as intended. This is known as debugging. In this case, an Apple developer forgot to disable a debugging switch that writes the password for the encrypted home directory, in plain text, to a log file. Anyone who is able to read this log file can simply read your password and gain access to your files. Worse, the system keeps the log file for several weeks, and it could potentially be stored in back-up copies too.
Keeping your files safe
Apple have yet to release a fix for this vulnerability, but in the meantime users are advised to switch to full disk encryption. FileVault2, which replaced the original FileVault, offers full disk encryption, or you might want to consider Sophos SafeGuard for Mac.
More importantly, you should strongly consider changing the password for your encrypted folders. Even if the system has already deleted the log file, the password may already have been read, or it could be recovered from any back-up copies that were made.
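One way to check whether a password is still sitting in rotated logs or back-up copies, as an added example that is not from the original post: the caller supplies the directories to scan, the password is matched as a literal string, and rotated logs are assumed to be either plain text or gzip/bzip2-compressed.

```shell
#!/bin/sh
# Added example (not Apple's or the original post's code). Lists files under the
# given directories that contain a password as a literal string, without printing
# the matching lines, so the password is not echoed into yet another place.
# Assumptions: log and backup directories are passed by the caller; rotated logs
# may be compressed with gzip (.gz) or bzip2 (.bz2).

# Usage: find_password_in_files SECRET DIR [DIR...]
# Prints one matching path per line.
find_password_in_files() {
    secret=$1
    shift
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -type f | while IFS= read -r file; do
            case "$file" in
                # decompress rotated logs on the fly; grep -F avoids treating
                # punctuation in the password as a regular expression
                *.gz)  gzip -dc "$file" 2>/dev/null | grep -qF -- "$secret" ;;
                *.bz2) bzip2 -dc "$file" 2>/dev/null | grep -qF -- "$secret" ;;
                *)     grep -qF -- "$secret" "$file" 2>/dev/null ;;
            esac && printf '%s\n' "$file"
        done
    done
    return 0
}

# Interactive wrapper: read the password without echoing it, then scan.
check_password_exposure() {
    printf 'Password to look for (not echoed): ' >&2
    stty -echo 2>/dev/null; IFS= read -r secret; stty echo 2>/dev/null
    printf '\n' >&2
    matches=$(find_password_in_files "$secret" "$@")
    if [ -n "$matches" ]; then
        printf 'Password found in:\n%s\n' "$matches"
        return 0
    fi
    echo "Password not found in the scanned files."
    return 1
}
```

Run it as `check_password_exposure /var/log /path/to/backups`; any file it lists should be securely erased, and the password changed regardless, since the log may already have been read.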
Have you been affected by this vulnerability?
If your password was compromised, or you know of another solution, share it with others below.