by | |

On May 6, CNET released a new tutorial aimed at helping Mac users rectify a potential security problem in the OS X 10.7.3 in which a user's password can be written in plain text in the computer's log file if they are using older legacy FileVault data encryption technology.

"The older FileVault technology in OS X encrypted a user's home folder and left the rest of the system unencrypted," Topher Kessler wrote in the article. "But, in the Lion version of the operating system, Apple replaced FileVault with a full-disk encryption option dubbed 'FileVault 2.' However, for compatibility Apple still supports the legacy FileVault that was enabled on upgraded accounts, though any new enabling of FileVault will require the use of FileVault 2."

The first step in fixing this error, according to the source, is for users to access their "Security and Privacy" system preferences. Once there, users will see a message that lets them know they are still using the older version of FileVault. From here, users can access the Macintosh HD > Users directory and look for files that appear as disk image files, not folders, which will give them an idea of which accounts are still using the first version of Filevault.

Next the source recommends that users disable any accounts still using this version of FileVault, and enable FileVault 2, which will prevent outside users from accessing logged passwords through this loophole. However, the source notes that someone logged in on the computer as an administrator could obtain the password in this manner.

The last step, Kessler writes is choosing a new password for the account, though he notes this may take a clearing out a system logs and require the user to run commands. Still, since the loophole could compromise a laptop entirely, those who are looking to replace their outdate model may want to contact a specialist that is an authorized reseller of Toshiba laptops and Apple and Sony desktop computers. 

This entry was posted in .