“Apple has confirmed a security glitch that, in many situations, will let someone with physical access to a Macintosh computer gain access to the password of the active user account,” Declan McCullagh reports for CNET.
“The vulnerability arises out of a programming error that stores the account password in the computer’s memory long after it’s needed, meaning it can be retrieved and used to log into the computer and impersonate the user,” McCullagh reports.
“‘This is a real problem and it needs to be fixed,’ said Jacob Appelbaum, a San Francisco-based programmer who discovered the vulnerability and reported it to Apple,” McCullagh reports. ‘Appelbaum is one of the team of researchers who published a ‘cold boot’ paper last week describing unrelated vulnerabilities in encrypted filesystems, including Apple’s FileVault, Windows Vista’s BitLocker, and a number of open-source ones.”
“The security glitch works like this: The OS X subsystem that asks for a username and password to log into an account is, reasonably enough, called loginwindow.app. In the default configuration, the account password unlocks the user’s keychain and the encrypted FileVault volume (if one is in use),” McCullagh reports. “But instead of immediately erasing the password from memory once the unlocking process is complete, OS X keeps it around. That means someone with physical access to the computer can use multiple methods to extract the contents of the computer’s DRAM chips.”
“Turning off your computer and waiting a minute or more protects you from this attack by giving the contents of DRAM time to decay,” McCullagh reports.
Full article here.
MacDailyNews Take: So, until Apple fixes this issue, do not turn off your Mac and bolt from the room if you’re worried that black helicopters carrying nefarious international spies ready to instantly rappel into your home or office someone’s intent on gaining access to your Mac. Instead, relax and sit there for a minute or so contemplating the existential meaning of DRAM decay, then you’ll be all set.
Seriously, though, portable Mac users (who are most likely using Sleep by just closing the lid), if you think you might leave your notebook in the plane, train, automobile, etc. and that someone will find it and attempt to extract info from your RAM (as opposed to immediately wiping the drive and putting it up for sale on eBay), then you might want to consider shutting down when not in use (a pain, we know) until Apple fixes this glitch.
here is that ‘m I forgot.
The sky is falling…Help!
MDN Magic Word… DEAD as in dead…LOL
Yeah, someone with physical access….
yawnnnn!
Hey, where’s ZuneTang? Something like that happens and he’s sleeping? Or is he reinstalling Vista? A.k.a performing OVI, Overnight Vista Install.
Really, most of the time my Mac is auto logging in, so I don’t give a crap about that because I will be fsck’d anyway.
@ PC Users
Hate to tell you, guys, but Windows has had his flaw for a looooong time. (Which does make it quite embarrassing that OS X now has it, too.) All it takes on an XP system is NotePad and accessing the swap file where passwords/logins/etc could be easily found to pwn your machine.
@ Mac Users:
Shen is right. This one is much more significant than the “freeze your ram” attack. All I need for this one is a sleeping Mac and a pen drive with some little memory editors on it.
Dear Think:
“…all the Mac clowns on this forum…”
Ahh, think about it for a minute. The URL http://www.macdailyclownnews.com. What did you expect to find?
What if one were to logout and then sleep the mac, as opposed to shutting down? am i still at risk?
This is the first Apple security vulnerability we’ve seen in a while that isn’t a STD (safari transmitted disease). So think about using proper protection.
Meanwhile Vista users contract digital versions of syphilis every day!
Ridiculous non-issue. ANYONE THAT HAS PHYSICAL ACCESS TO A MACHINE can do ANYTHING they want to it!
Non issue.
Right. And if it was Microsoft’s operating system that had this problem all the Mac clowns on this forum would be ranting and raving about how bad Microsoft is, how insecure Windows is and how much more “superior” Mac is.
Fact: this is an issue, whether you like it or not.
So how do you pull a password out of ram?
Is that hard or very difficult to do? Seriously.
Now think about this for a minute…. If the person has physical access to your Mac, your office or home has already been compromised and they can just take whatever they want and then leisurely go thru your hard drive at their place.
Better way to think about it….
So this can’t happen via the Internet.
What’s
the
point.
i hate to sound rational, but this is an issue, and one that Apple will fix, and one that it is doubtful anyone will lose anything too. it is not the end of the world, or a hideous black-mark on Apples record, or anything like that.
this is an example of why you need white hats, and why you should listen to them, and Apple tends to.
having said that, if i physically have you machine, i will eventually own it. nothing will stop that. ever. get over it.
if this were like the poor guy i just talked to that had 5 different malware programs on his vista machine and lost all his bank account info to some hacker, i might be worried. there is a big difference here.
If someone has physical access to a machine, there are inherent security risks way beyond this. Waste of time.
I store all my passwords on a Zune. Nobody, and I mean, NO BODY, would ever steal that nor think to look there.
Do these so-called researchers have nothing better to do. This is such a non-issues to 99% of the people on the planet. I guess they finally got tired of writhing viruses for Windows.
I’m working on a research paper, Looking over a User Shoulder can Compromise their Passwords. It’s a real issue with no fix in sight.
“if I stick in a OS X install disk in a Mac I can do the same thing as this exploit!”
This will not discover, or allow you to change, the Keychain password.
This does require physical access, for an extended time, to the machine. I’m not sure how that qualifies as an exploitable fault, but, no reason it should not be fixed. There are things needing security on anyone’s computer.
Guys, the only hackers I’m afraid of scientology nuts that get my info and terrorise… like they always do once they get a hold of your details.
Sheesh—-Who keeps anything worth stealing on a Mac?
Non-issue.
> will let someone with physical access to a Macintosh computer
Wow! Now the hacker has to have physical access to the target Mac to exploit a Mac OS X vulnerability. Next we’ll learn about another Mac OS X vulnerability that requires the hacker to actually BE the target Mac’s owner.
It’s no wonder hackers go after Windows. Windows is the low-hanging fruit. It’s just not worth the effort to exploit a Mac OS X vulnerability.
is MDN loading 100 times faster or is it just my iPhone?
keychain is faaked up anyway
look at the airport issue in 10.5.2
Its a feature not a glitch. Now I can forget my Password. If I need it, I know where to find it.
Better yet, now I can access all my co-workers porn
Methinks this is not a Baum dropped on Appel.
And yet, it’s not good pub at all.
“….if you’re worried that black helicopters carrying nefarious international spies ready to instantly rappel into your home or offices…”
Glad you crossed that out – that only happens when you rip DVDs.