Another Apple Security Flaw Found

Sue Marquette Poremba

Looks like more security problems for Apple's OS. For some users, login passwords may be at risk. As ZDNet so deftly explained:

"An Apple programmer, apparently by accident, left a debug flag in the most recent version of the Mac OS X operating system. In specific configurations, applying OS X Lion update 10.7.3 turns on a system-wide debug log file that contains the login passwords of every user who has logged in since the update was applied. The passwords are stored in clear text."

If you used FileVault encryption and kept your old folders encrypted with that same FileVault version when you upgraded to the new version of Lion, there is a risk that others can read your login passwords. (FileVault 2, however, is safe.)


David I. Emery was the person who first reported this new Apple concern. In response to the discovery, he wrote at Cryptome:

"This is worse than it seems, since the log in question can also be read by booting the machine into FireWire disk mode and reading it by opening the drive as a disk or by booting the new-with-LION recovery partition and using the available superuser shell to mount the main file system partition and read the file. This would allow someone to break into encrypted partitions on machines they did not have any idea of any login passwords for."

While this may just be a programming mistake - which as of May 5 hadn't been corrected - in my opinion, it throws up yet another red flag about Apple and its internal security issues. Flashback brought to light that not only is Apple more vulnerable than many users want to believe, but perhaps more important, Apple is slow to respond to security concerns.


It seems like Apple security stories have increased since the death of Steve Jobs. Is it because the veil of secrecy has begun to shred a bit? Or is it that the approach has become more lax so these security lapses are coming through on the development end? Or is Apple truly unprepared to handle security flaws in an efficient manner?


I know many people who use Macs primarily because they consider Apple OS to be secure and "virus free." We've moved well beyond the days when we could worry about security only in terms of malware on the system. Bad guys will take advantage of any flaw, anywhere, in any system. And according to Trend Micro's first quarter report, Apple had the most security vulnerabilities of any company.


The time has come for Apple to step up its security.
