People make mistakes, and the folks at Apple made a big one when they sent out OS X Lion 10.7.3 with the debug option on FileVault enabled. If it’s any consolation, only users of Legacy FileVault and/or networked home directories are affected. Installing the OS X Lion v10.7.4 should correct the error.
As Apple explains it, “An issue existed in the handling of network account logins. The login process recorded sensitive information in the system log where other users of the system could read it.”
In other words remote administrators and anyone with physical access to your computer could see your login password because the debugging feature causes passwords to be saved as plain text. Obviously, that’s not a good thing. Because the compromised information could remain on your computer in its compromised plain text state even after you’ve installed the 10.7.4 update, Apple also provides instructions for safely removing it here.
Apple has also listed here a host of other vulnerabilities that the OS X Lion 10.7.4 update should eliminate.
When it comes to security updates for your computer, especially the kind that fix security gaps like the one in FileVault, it’s a good idea to install them as soon as they’re available. You should also be proactive and if your computer has one – and you haven’t done so already — enable the automatic update feature. This ensures that you always have to latest technology available. And, at least in the case of Microsoft customers, when something goes wrong and a patch has to be issued, those whose computers update automatically get those patches installed sometimes, before the customers even know a problem existed.
Comments are closed.