Pin It

Widgets

Apple in hot water over security lapse

Apple in hot water over security lapse
If April was bad for Apple on the security front, May seems to offer little respite. Reports indicate of a possible oversight on Apple engineers' behalf that potentially exposes the user's password in clear text.


The problem is related to FileVault, the file encryption technology that ships with Apple's Mac operating system, specifically Macs using the FileVault encryption version that shipped pre-Lion. According to David I Emery, who reported the issue on a mailing list, every time the user's FileVault protected home-directory is mounted via the network, the user's password in logged to a file in clear-text.

This type of logging is common when developers are testing code internally, but shipping this in production or user-facing code is unacceptable. This log file, and thus the password, is accessible to any user with root or admin privileges. With access to the password, the root or admin user can now see contents of the user's FileVault encrypted folder.The issue, first reported on May 5th, affects Mac users who moved their FileVault encrypted folders to Lion from legacy versions of Mac OS X. Users utilizing Lion's Filevault 2 (whole disk encryption) remain unaffected.As per Emery, the bug was introduced with Mac OS Lion 10.7.3 update in early February. Apple has not released any comment confirming or denying the problem till date.

 
You can follow us on Twitter, add us to your circle on Google+ or like our Facebook page to keep yourself updated on all the latest from Microsoft, Google, Apple and the web