Instructions offered on how to patch the bug and delete the compromised files

May 10, 2012 12:40 GMT

After acknowledging a security problem in OS X Lion 10.7.3, Apple has issued an advisory to document the implications of this recently-discovered flaw, as well as to offer instructions on how to patch the bug.

FileVault encrypts files on a Macintosh computer. It has shipped with every Mac since the release of Mac OS X v10.3, dubbed "Panther".

FileVault encrypts and decrypts file systems by creating a master password (and recovery key in 10.7+) on the fly.

Early versions of FileVault were slow and sometimes caused Macs to hang (e.g. when used in parallel with sound and video editing, and other disk-intensive apps). The performance of FileVault has been improved in more recent versions of Apple’s Mac operating system.

The California-based computer giant informs all users of its Lion operating system that OS X 10.7.3 suffers from a flaw where user account passwords for Legacy FileVault and/or home folders mounted via NFS, AFP, or SMB are stored as plain text in log files.

The log file issue was discovered earlier this month by security researcher David Emery working with DIE Consulting.

“System backups and syslog servers may also have the user account passwords stored as plain text,” Apple states in a KB article on its Support site.

The Mac maker adds that Time Machine backups are not affected since “Time Machine does not back up the log files in which user account passwords are in plain text.”

Affected users seem to have their work cut out for them, as the resolution involves not only downloading and installing the newly-released OS X 10.7.4, but also following several steps to change the password for all affected user accounts and permanently deleting the log files.

Two sets of instructions are offered - one for regular users, and another for more advanced users who can perform administrator commands using Terminal.