User passwords are being stored in a debug log in clear text in Apple’s current version of Mac OS X, 10.7.3, according to David Emery, owner of DIE Consulting. This adds another chink in the widely held belief that Apple devices are unexploitable.
According to Emery, it appears that someone at Apple left a debug switch turned on in the current released version of MacOS Lion 10.7.3. The switch causes one of the debug logs to store the user’s password in plain text. Emery says this means anyone with root or admin access can read the password.
“This is worse than it seems,” wrote Emery, in a post to the Cryptome mailing list. “…since the log in question can also be read by booting the machine into firewire disk mode and reading it by opening the drive as a disk or by booting the new-with-LION recovery partition and using the available superuser shell to mount the main file system partition and read the file. This would allow someone to break into encrypted partitions on machines they did not have any idea of any login passwords for.”
Emery says the security issue appears to have been introduced into MacOS Lion 10.7.3 in February of this year, and has thus far not been corrected.
Emil Protalinski, at ZDNet, points out in his story about the security flaw that at least one user in the Apple Support Communities noticed this issue as far back as three months ago. He asked if it was a known bug, but did not get a response.
Apple recently released a tool for removing the Flashback malware Trojan, which is thought to have infected as many as 650,000 Macs worldwide.