Apple’s Lion Security Hole Could Be A Wider Issue Than Just FileVault?
As you may have seen over the weekend, someone has discovered a security hole in FileVault, which arose with the OS X Lion security update, version 10.7.3, back in February: FileVault encryption passwords are now visible in plain text outside of a computer’s encrypted area. The hole was apparently spotted by someone back in February, although it was most publicly first pointed out by security consultant David Emery on the Cryptome blog a few days ago and the rest of the blogosphere has run with it. Now, it appears that the problem could be bigger than previously thought: it turns out that the developer who first noticed the hole back in February has discovered that it exists outside of FileVault, too, with at least one other company’s security encryption software, Lion VM, from VMWare Fusion, showing the same behavior. http://dlvr.it/1XDWJk