If you use Apple’s FileVault to encrypt your Mac’s hard drive, you should be careful. Security researcher David Emery has discovered a bug in Mac OS X 10.7.3 that may expose your FileVault password. According to Emery, “Someone, for some unknown reason, turned on a debug switch” in Mac OS X 10.7.3, which has the effect of writing a log containing your FileVault password in plain text form.
However, this only seems to apply to users who had FileVault turned on before the release of OS X Lion. If you only turned on FileVault in Lion, then you are safe.
To be fair, it’s not entirely simple for someone to break into a Mac by accessing this file. Emery says that:
the log in question can also be read by booting the machine into FireWire disk mode and reading it by opening the drive as a disk or by booting the new-with-Lion recovery partition and using the available superuser shell to mount the main file system partition and read the file.
While that may seem like gibberish to many readers, you can be sure that plenty of malicious users know exactly what that means. And, as Emil Protalinski of ZDNet points out, “it would be possible for cyber criminals to write very specific malware that knows where to look on a targeted system.”
If you are using FileVault, and had been using it prior to Lion, here’s what you can do to protect your Mac and your files.
If you perform the above, your new password will be used for FileVault, while the text file written to your disk will still contain the old password; make sure the two are different, really different. Don’t just change it from, say, “MyPet” to “MyPet2”; use a password that is in no way related to the previous one.
For more information about FileVault, read Apple’s technical note.