May 7, 2012 at 12:40 PM ET
Well, this is awkward. A security update for Mac OS X left some users' data exposed by turning on a log file which contains login passwords … in plain text.
Affected users are those who "used FileVault encryption on their Mac prior to Lion, upgraded to Lion, but kept the folders encrypted using the legacy version of FileVault," explains ZDNet's Emil Protalinski. "FileVault 2 (whole disk encryption) is unaffected."
Security researcher David Emery called attention to this security hole in a post on the Cryptome mailing list (which is dedicated to security, cryptology and similar topics). Emery writes that the bug "seems to have been introduced" with Mac OS X Lion 10.7.3, in early Feb. 2012.
There are a variety of ways for someone with malicious intent to snatch the sensitive log file in question, and he or she could then use it to read encrypted files as well as other data protected by the credential it contains.
Right now there doesn't appear to be a fix for this security issue, but we wouldn't be surprised if Apple releases some sort of patch soon. We have reached out to the Cupertino-based company for more information and will update if we hear back.
In the meantime, there's unfortunately not very much you can do to protect yourself. Just use common sense to dodge malware which could abuse this security hole and don't leave shady individuals unattended with your computer.
Rosa Golijan is the writer of this post.