Mac Program May Expose User Passwords

Mac users may need more layered security, as threats are starting to pop up more frequently.

Sorry, Mac fans, more bad tidings. After news broke earlier this year about FlashBack malware, which affected Macs across the world, RedOrbit.com pointed out recently that a bug in FileVault could potentially display a user’s passwords instead of encrypting them as it is meant to do. Better layered security may be the order of the day for Mac users, who historically haven’t had to deal with as much guff from cybercriminals as PC partisans.

The bug is only affecting those using the latest version of Lion, 10.7.3, with the older version of FileVault, which is a program used by Macs to encrypt data to keep it safe from hackers and even wipe the disk clean if need be. David Emery said on Cryptome that someone at the FileVault team accidentally turned on a “debug switch” in the new release of Lion which displays every login password the user has in plain text. This leaves Mac users open to attacks.

“This is worse than it seems,” Emery said on the website. “Since the log in question can also be read by booting the machine into firewire disk mode and reading it by opening the drive as a disk or by booting the new-with-LION recovery partition and using the available superuser shell to mount the main file system partition and read the file … This would allow someone to break into encrypted partitions on machines they did not have any idea of any login passwords for.”

PC Magazine’s Security Watch blog said a fix was put out for this vulnerability and 29 others. The website said it’s very welcome news for Apple users (that’s putting it lightly), but there is still room to improve response time to malware and other nasty threats. The news source stated the bug was initially reported by a user and received no public response until the fix, leaving many wondering how much Apple knew about the malware and when a fix will be implemented each time there is a new piece of malware.

If you’re a Mac owner, have you had any trouble with malware or other bugs infesting your operating system? Are you confident in Apple’s ability to keep up with these issues?

Scott Cornell

When he’s not knee deep in blogging and all things tech, Scott spends his free time playing ultimate Frisbee and watching foreign films. An expert in emerging tech trends, Scott always has his ear to ground for breaking news related to IT security.