“Apple has confirmed a security glitch that, in many situations, will let someone with physical access to a Macintosh computer gain access to the password of the active user account,” Declan McCullagh reports for CNET.
“The vulnerability arises out of a programming error that stores the account password in the computer’s memory long after it’s needed, meaning it can be retrieved and used to log into the computer and impersonate the user,” McCullagh reports.
“‘This is a real problem and it needs to be fixed,’ said Jacob Appelbaum, a San Francisco-based programmer who discovered the vulnerability and reported it to Apple,” McCullagh reports. ‘Appelbaum is one of the team of researchers who published a ‘cold boot’ paper last week describing unrelated vulnerabilities in encrypted filesystems, including Apple’s FileVault, Windows Vista’s BitLocker, and a number of open-source ones.”
“The security glitch works like this: The OS X subsystem that asks for a username and password to log into an account is, reasonably enough, called loginwindow.app. In the default configuration, the account password unlocks the user’s keychain and the encrypted FileVault volume (if one is in use),” McCullagh reports. “But instead of immediately erasing the password from memory once the unlocking process is complete, OS X keeps it around. That means someone with physical access to the computer can use multiple methods to extract the contents of the computer’s DRAM chips.”
“Turning off your computer and waiting a minute or more protects you from this attack by giving the contents of DRAM time to decay,” McCullagh reports.
Full article here.
MacDailyNews Take: So, until Apple fixes this issue, do not turn off your Mac and bolt from the room if you’re worried that
black helicopters carrying nefarious international spies ready to instantly rappel into your home or office someone’s intent on gaining access to your Mac. Instead, relax and sit there for a minute or so contemplating the existential meaning of DRAM decay, then you’ll be all set.
Seriously, though, portable Mac users (who are most likely using Sleep by just closing the lid), if you think you might leave your notebook in the plane, train, automobile, etc. and that someone will find it and attempt to extract info from your RAM (as opposed to immediately wiping the drive and putting it up for sale on eBay), then you might want to consider shutting down when not in use (a pain, we know) until Apple fixes this glitch.