Password Security Hole Discovered in Certain FileVault Configurations on OS X 10.7.3

by

filevault iconZDNet reports on the discovery of a significant breach of password security for certain users of Apple's FileVault encryption system under OS X Lion. Affected systems currently store the login information for every recent user of the machine in plain text, allowing for easy circumvention of encryption.

In specific configurations, applying OS X Lion update 10.7.3 turns on a system-wide debug log file that contains the login passwords of every user who has logged in since the update was applied. The passwords are stored in clear text.

Anyone who used FileVault encryption on their Mac prior to Lion, upgraded to Lion, but kept the folders encrypted using the legacy version of FileVault is vulnerable. FileVault 2 (whole disk encryption) is unaffected.

The issue was noted last Friday by David Emery on the Cryptome mailing list.

This is worse than it seems, since the log in question can also be read by booting the machine into firewire disk mode and reading it by opening the drive as a disk or by booting the new-with-LION recovery partition and using the available superuser shell to mount the main file system partition and read the file. This would allow someone to break into encrypted partitions on machines they did not have any idea of any login passwords for.

Emery also offers some suggestions for dealing with the issue, including turning on FileVault 2 and setting a firmware password on the machine in question.

The issue was actually first noted in the Apple discussion forums back on February 6, just days after OS X 10.7.3 was released to the public. That poster now notes that the issue may extend further than just the specific FileVault situation outlines by others, as he notes that he has experienced the same behavior on an OS X Lion virtual machine through VMware Fusion, without FileVault ever having been active on the installation. Consequently, the extent of the issue may not yet be fully known.

Apple has yet to offer any response to the issue, although it is unclear when the company became aware of it. Apple touts the security features of OS X Lion in its promotional materials for the operating system, with a focus on FileVault as an important component of that security, and it seems likely that the company will move as quickly as possible to investigate and fix the issue.

Popular Stories

iOS 26 on iPhone Feature

Here's When iOS 26 Rolls Out Today in Every Time Zone [Update: Out Now!]

Monday September 15, 2025 12:00 am PDT by
Update 10:06 a.m.: iOS 26 is rolling out now, though it may take a bit for all users to see it, so keep checking! Today's the day! Apple is about to release iOS 26, which will deliver the biggest redesign since iOS 7 and bring a range of new features and improvements to iPhones worldwide. It's Apple's biggest software update of the year, and Apple announced at last week's iPhone event that...
Read Full Article95 comments
Tim Cook Rainbow

Apple Reportedly Plans to Launch These 10 Products in 'Coming Months'

Sunday September 14, 2025 8:45 am PDT by
Apple's annual September event is now in the rearview mirror, with the iPhone 17, iPhone 17 Pro, iPhone 17 Pro Max, iPhone Air, Apple Watch Series 11, Apple Watch Ultra 3, Apple Watch SE 3, and AirPods Pro 3 set to launch this Friday, September 19. As always, there is more to come. In his Power On newsletter today, Bloomberg's Mark Gurman said Apple plans to release many products in the...
Read Full Article80 comments
iOS 26 Battery Glass Feature

Apple Says Installing iOS 26 Might Impact Battery Life

Monday September 15, 2025 10:56 am PDT by
In the iOS 26 release notes, Apple is warning iPhone users that installing the new software might have a temporary impact on battery life, which is normal. A new support document explains that major iOS updates require background setup like indexing data and files for search, downloading new assets, and updating apps. Further, Apple says that new features could require more resources,...
Read Full Article118 comments
AirPods Pro Firmware Feature

AirPods Pro 2 and AirPods 4 Get iOS 26 Features With New Firmware Update

Monday September 15, 2025 10:50 am PDT by
Apple today released updated firmware for the AirPods Pro 2 and the AirPods 4, introducing support for the new AirPods features that are included in iOS 26, iPadOS 26, and macOS Tahoe. The firmware has a build number of 8A356, and it replaces the current 7E93 firmware. With Apple's new software updates, the AirPods Pro 2 and the AirPods 4 support better audio quality for phone calls and...
Read Full Article67 comments
iphone 17 lineup

iPhone 17 Models Launch on September 19 With These New Features

Friday September 12, 2025 7:58 am PDT by
Apple will launch its new iPhone 17 lineup and ultra-thin iPhone Air in stores on Friday, September 19, and the company has already shown off the new devices at its fall event, which ran with the the tagline "Awe dropping." The iPhone 17 series brings a host of new features and enhancements. Here's a rundown of the biggest upgrades and changes: iPhone 17 Display Changes The iPhone...
Read Full Article17 comments
apple n1 chip

Apple's New N1 Chip in iPhone 17, iPhone 17 Pro, and iPhone Air Has a Wi-Fi 7 Limitation

Saturday September 13, 2025 10:01 am PDT by
The latest iPhone 17, iPhone 17 Pro, iPhone 17 Pro Max, and iPhone Air models are equipped with Apple's all-new N1 chip for Wi-Fi 7, Bluetooth 6, and Thread connectivity. However, the chip has a Wi-Fi 7 bandwidth limitation. According to FCC documents reviewed by MacRumors, the N1 chip in all of the new iPhone models supports up to 160 MHz channel bandwidth for Wi-Fi 7, short of the...
Read Full Article105 comments
iPhone 17 Pro Air Boxes

iPhone Air and iPhone 17 Pro Boxes Revealed

Sunday September 14, 2025 1:36 pm PDT by
T-Mobile President Jon Freier today shared real-world photos of Apple's boxes for the iPhone Air, iPhone 17 Pro, and iPhone 17 models, which launch on Friday. Image Credit: Jon Freier Apple has typically included iPhone box renders in its product environmental reports, but it did not do so for the latest models. However, Apple's iPhone Upgrade Program page does offer some images of the boxes, ...
Read Full Article74 comments

Top Rated Comments

loveturtle Avatar
loveturtle
174 months ago
What's the difference between FileVault and FileVault 2? I use 2, but are there any reasons someone would be unable to upgrade from the original to the new version?

If not, this seems like a non-issue.

This is not a non-issue. Don't be an apologist. There are legitimate reasons to use FileVault v1 over v2. v1 encrypts your home directory while v2 encrypts the whole filesystem. If you have untrusted users on the same computer (say shared with a family) v2 will give other users full access to your files while v1 will encrypt on a per home directory basis and another user will be unable to see your files.

Even if there were no legitimate reason to use v1 over v2 that is still no excuse. This is a serious oversight with serious consequences. Now these kind of things happen and the fact that it happened is not an insult to Apple. However, there is no excuse for it going unpatched for this long. There should have been a patch immediately after it was discovered. There is no excuse for that.
Score: 15 Votes (Like | Disagree)
Small White Car Avatar
Small White Car
174 months ago
I'm actually one of those people who like the user-features added to Lion, but doesn't it seem like the behind-the-scenes stuff in Lion is the sloppiest work in ANY version of the Mac OS?

I just feel like I'm seeing more stories like this these days than I did in past years.
Score: 13 Votes (Like | Disagree)
3282868 Avatar
3282868
174 months ago
This is one reason why I wish Apple would start hiring more engineers instead of shuffling them back and forth between iOS and OS X departments as they have since before the first iPhone launch in 2006 (Leopard was delayed twice to an October '06 release as engineers from OS X were shifted to iOS).

It's been stated Jobs hated hiring more, and kept a tight knit group of engineers. Perhaps more would help alleviate/diminish the odds of such programming flaws. Who knows. Either way, I'm sure it wouldn't hurt.

I'm actually one of those people who like the user-features added to Lion, but doesn't it seem like the behind-the-scenes stuff in Lion is the sloppiest work in ANY version of the Mac OS?

I just feel like I'm seeing more stories like this these days than I did in past years.
Agree. From what I gather, engineers are strained, being spread across iOS OS X departments. In part to unify the group but also in keeping with Jobs' desire for a small engineering base. It seems to be negatively effecting some aspects to their OS's.
Score: 11 Votes (Like | Disagree)
tigres Avatar
tigres
174 months ago
Apple will provide a fix for all of us @ the 10.8.3 juncture.;)
Score: 6 Votes (Like | Disagree)
HelveticaRoman Avatar
HelveticaRoman
174 months ago
If Apple were an airline, there's still a better than 80% chance you'd get to your destination safely.
Score: 4 Votes (Like | Disagree)
loveturtle Avatar
loveturtle
174 months ago
On point 1 above, if you use V2 you still cannot access another users files without root access. The system owner should set a root pw. If you set a root pw then others cannot get simple access to other users folders even if they're set as admin level. Although this has nothing to do with the security issues just revealed.

That's not true. Any admin user can spawn a root shell without the root password.

turtle@vier ~ $ whoami
turtle
turtle@vier ~ $ sudo su
vier turtle # whoami
root
vier turtle #

No password required other than the admin user password. That's not the point anyway, system passwords should not be logged in clear text period. Again, the fact that this happened isn't as big of a problem as the fact that it hasn't been patched yet.
Score: 4 Votes (Like | Disagree)
Read All Comments