“Apple has confirmed a security glitch that, in many situations, will let someone with physical access to a Macintosh computer gain access to the password of the active user account,” Declan McCullagh reports for CNET.
“The vulnerability arises out of a programming error that stores the account password in the computer’s memory long after it’s needed, meaning it can be retrieved and used to log into the computer and impersonate the user,” McCullagh reports.
“‘This is a real problem and it needs to be fixed,’ said Jacob Appelbaum, a San Francisco-based programmer who discovered the vulnerability and reported it to Apple,” McCullagh reports. ‘Appelbaum is one of the team of researchers who published a ‘cold boot’ paper last week describing unrelated vulnerabilities in encrypted filesystems, including Apple’s FileVault, Windows Vista’s BitLocker, and a number of open-source ones.”
“The security glitch works like this: The OS X subsystem that asks for a username and password to log into an account is, reasonably enough, called loginwindow.app. In the default configuration, the account password unlocks the user’s keychain and the encrypted FileVault volume (if one is in use),” McCullagh reports. “But instead of immediately erasing the password from memory once the unlocking process is complete, OS X keeps it around. That means someone with physical access to the computer can use multiple methods to extract the contents of the computer’s DRAM chips.”
“Turning off your computer and waiting a minute or more protects you from this attack by giving the contents of DRAM time to decay,” McCullagh reports.
Full article here.
MacDailyNews Take: So, until Apple fixes this issue, do not turn off your Mac and bolt from the room if you’re worried that black helicopters carrying nefarious international spies ready to instantly rappel into your home or office someone’s intent on gaining access to your Mac. Instead, relax and sit there for a minute or so contemplating the existential meaning of DRAM decay, then you’ll be all set.
Seriously, though, portable Mac users (who are most likely using Sleep by just closing the lid), if you think you might leave your notebook in the plane, train, automobile, etc. and that someone will find it and attempt to extract info from your RAM (as opposed to immediately wiping the drive and putting it up for sale on eBay), then you might want to consider shutting down when not in use (a pain, we know) until Apple fixes this glitch.
Non issue.
Non issue for most of us. Good to know and fix for those who truly carry sensitive information on their laptop. This was a good find and Appelbaum is to be congratulated for finding it and reporting it responsibly to Apple and the other effected OS writers.
This cold boot thing is everywhere. They just need to make memory that will clean up after itself when you power off.
Now I understand what happened. My identity got stolen. I knew I should of questioned the two guys under my desk about the network network and logic analyzers they were connecting to my Mac pro. Man we are completely fccked. There is no way of keeping people from connecting network and logic analyzers to the memory bank of your mac while you are working. This is a major design flaw.
TRUE STORY: My house got broken into yesterday. They took the Toshiba laptop and left the Mac. Geez…
Just my $0.02
And if you stand on your head and rub a wooden nickel between your thumb and middle finger while chanting Lincoln’s Gettysburg Address people will stuff zucchini squash in your ears and call you “Woodrow”. Hey, don’t laugh. It’s as relevant and valuable as this story.
What did you say? Ruh Roh? I have squash in my ears say it again. I did not hear you. Wuh woh? Your teeth is decaying? What?
String Theory. That’s the answer to the DRAM decay issue….
Sitting and waiting with computer turned on will not help. It will not just fade out from RAM. The password is still there in memory and any memory scavenger software can take it out.
So they have to actually physically remove the RAM?
Over my cold dead hand…
ZOMFGBBQ VISTA > OSX
A valid concern. And there’s going to be exactly 0% of Mac users affected by this issue by the time it’s fixed.
To prevent this vulnerability, remove all memory modules from your computer, so there’s no chance that anything can be stored in memory.
Uh oh. I better not take my iMac anywhere or let anyone steal my RAM! Oh yeah cant forget to not let anyone into my wired network.
This is a non issue like most other comments have said. Also, like MDN said, most people who would actually steal a laptop would just zero out the hard drive and sell it on eBay.
@You don’t get it just doesn’t get it;
YES IT WILL fade out of RAM, given time (power your computer OFF first if you’re concerned), so don’t spook people into thinking their passwords are stored until the Earth spirals into the Sun.
I store all of my passwords in my cookie jar where nobody can find them.
@The Truth
Ha! Now I will hack into your cookie jar and steal your passwords (and your cookies while I’m at it)!
Telling everyone that was probably more dangerous than this “threat”.
This is why everyone should change their keychain password to something other than their login password; you can do it from within the KeyChain manager app.
on a side note. Its kinda funny how there’s all of these computer-related advertisemts on MDN and then you scroll below the comment box ad there’s a Pizza Hut Pizza Mia ad there. Lol
@ Gil
I get it. Good one.
I confirm it. This exploit is on the wild and breeding fast!!
That’s it, Apple should be chopped up and the spoils given to the shareholders.
Microsoft won.
Holly crap, if I stick in a OS X install disk in a Mac I can do the same thing as this exploit!!
Unless someone has both encrypted the drive AND set a firmware password. Like who really needs to do this?
After all EFI on every Intel Mac is a spy in the machine. It intercepts calls to hardware, contacts the internet, reads hard drives and does whatever it wants without the OS even being loaded.
So what’s this a big deal? A EFI exploit would indeed get lots of attention!!!
…and if someone has physical access to your computer… they’re going to steal it, not try and read your password from memory. Once they’ve stolen it they can easily get to all your documents, you know the excel file that has all your passwords in it, that is not password protected ” width=”19″ height=”19″ alt=”wink” style=”border:0;” />
HA HA MAC LOSERS, SO MUCH FOR YOUR LEGENDARY SECURITY!!
I so much love how the MIGHTY APPLE is making cheap looking glossy screen computers and insecure OS crap just like Microsoft.
What really gets me is you buttholes pay a fortune for the cheap insecure shiny crap too boot!!
FOOLS!!
Wow! So PC Loser is happy?!
Didn’t know there was still so much hate for Mac users. Oh well, ENVY has a way of rearing it’s ugly head.
It’s a non issue BTW.
pathetic.
Apple admits a mistake?
What’s next – Microsoft gives away Vista for free?
I never had this problem when I used a PC.
I speaking about the fear of someone wanting to steal it…..