An Apple developer enabled a debug log file in OS X 10.7.3 that stores user passwords in clear-text — and a user posted the flaw on Apple’s Support Communities over three months ago.
Lion flaw exposes user's passwords in clear text - Jason O'Grady
There’s a major security bug in the currently shipping version of OS X Lion (10.7.3). ZDNET’s own Emil Protalinski and Ed Bott exposed it after it was first reported by security researcher David Emery on the Cryptome mailing list.
Users of Apple’s FileVault encryption that upgraded from Snow Leopard to OS X Lion update 10.7.3 (build 11D50) were apparently victimized by a piece of errant code that turned on a system-wide debug log file containing the login passwords of every user that logged in since the update was applied Read More
No comments:
Post a Comment