Apple reportedly patches FileVault password bug


— 4:31 PM on May 9, 2012

So, apparently, that OS X password-revealing bug we wrote about on Tuesday has been squashed. Apple released a new update to OS X Lion today, bringing it up to version 10.7.4, and AppleInsider says user passwords are now safe. (Several other sites, too, report that the bug is gone.)

As we noted earlier this week, the bug spits out log files containing user passwords in plain-text format on some configurations. Word is that only folks who'd used FileVault before upgrading to OS X Lion, and then upgraded and continued to use the old version of FileVault, are affected. The issue cropped up when OS X 10.7.3 came out in early February, and someone complained on Apple's support forums less than a week later.

Interestingly, the 10.7.4 release notes make no mention of the FileVault fix. Apple lists a handful of other resolved problems and additions—among other things, the "Reopen windows when logging back in" won't stick anymore, it says, and a more stable version of Safari (v5.1.6) in included. Apple points users to this page for an overview of the OS X update's "security content," but there's nothing there about 10.7.4, FileVault, or passwords. It doesn't look like the page has been updated since iOS 5.1.1 came out a couple of days ago.

   
Register
Tip: You can use the A/Z keys to walk threads.
View options

This discussion is now closed.