Are you an avid user of OS X's FileVault encryption and running a
recently updated version of Lion? It may be time to consider changing
your passwords. According to security researcher David Emery, users who
used FileVault prior to upgrading to 10.7.3
may be able to find their password in a system-wide debug log file,
stored in plain text outside of the encrypted area. This puts the
password at risk of being read by other users or enterprising cyber
criminals, Emery explains, and even opens the door for new flaw-specific
malware. FileVault 2,
on the other hand, seems to be unaffected by the bug. The community
doesn't currently have a way to fight the flaw, so users rushing to
change their password now may find it being logged as well.
