Once again, Apple’s faith based security has taken a hit last weekend: it turned out that one of its genius programmers has left a debug flag in the latest version of the Mac OS X. So, if you now want to apply OS X Lion update 10.7.3, this process will turn on a system-wide debug log file which contains the login passwords of all users who have logged in since the update in question was applied. Worse still, all the passwords are stored in clear text, thus being easily reachable for future hackings.
This causes a huge problem for users who used FileVault encryption on their Mac before Lion, then upgraded to Lion and kept the folders encrypted using the legacy version of FileVault. The flaw in question was discovered by security expert David Emery, who published his findings to the Cryptome mailing list. However, Apple didn’t even bother to correct the flaw in subsequent updates. It seems that the company is adopting its traditional method of addressing security problems.
David Emery said that the situation is actually worse than it seems. The matter is that this log can be read by simply booting the PC into firewire disk mode and reading it by opening the drive as a disk or by booting the new-with-LION recovery partition and using the available superuser shell in order to mount the main file system partition and read the file.
In other words, now anyone is able to break into encrypted partitions on the computers even if they didn’t have any idea of any login passwords, which makes the entire encryption idea redundant.
In case the businesses were silly enough to trust the FileVault feature, they could have simply handed over all their business data to the hackers. However, a number of companies outside the entertainment industry have also based their networks on Apple’s security systems.
This causes a huge problem for users who used FileVault encryption on their Mac before Lion, then upgraded to Lion and kept the folders encrypted using the legacy version of FileVault. The flaw in question was discovered by security expert David Emery, who published his findings to the Cryptome mailing list. However, Apple didn’t even bother to correct the flaw in subsequent updates. It seems that the company is adopting its traditional method of addressing security problems.
David Emery said that the situation is actually worse than it seems. The matter is that this log can be read by simply booting the PC into firewire disk mode and reading it by opening the drive as a disk or by booting the new-with-LION recovery partition and using the available superuser shell in order to mount the main file system partition and read the file.
In other words, now anyone is able to break into encrypted partitions on the computers even if they didn’t have any idea of any login passwords, which makes the entire encryption idea redundant.
In case the businesses were silly enough to trust the FileVault feature, they could have simply handed over all their business data to the hackers. However, a number of companies outside the entertainment industry have also based their networks on Apple’s security systems.
No comments:
Post a Comment