“According to Passware, the latest version of Mac OS X has a ‘vulnerability’ that allows login passwords to be exposed while the Mac is locked or in sleep mode. In order to access those passwords, users will need to connect to the Mac’s FireWire port, since it allows for communication by direct memory access, the firm said,” Don Reisinger reports for CNET. “Mac OS X Snow Leopard, the previous version of Apple’s operating system, is also affected, Passware says.”
“Passware, which offers its password recovery software to law enforcement agencies, says that its latest release, the Passware Kit Forensic v11, addresses the apparent Mac OS X vulnerability,” Reisinger reports. “When users employ the $995 software, they’ll be able to recover login passwords, as well as passwords saved in the Mac keychain, such as those for Web sites, wireless networks, and more.”
Advertisement: Limited Time: Students, Parents and Faculty save up to $200 on a new Mac.
“Luckily for Mac users, the issue can be solved quite quickly by disabling the automatic login setting in the operating system. Passware president Dmitry Sumin told CNET in an e-mailed statement today that users must also turn off their computers. Upon doing so, the platform will no longer save passwords in memory, thus making them unrecoverable,” Reisinger reports. “According to Sumin, users can also disable the FireWire port to safeguard themselves from the vulnerability.”
Reisinger reports, “This isn’t the first time that Passware has used this technique to access seemingly secured data. According to the company, it was able to use the same technique to decrypt hard drives encrypted with Windows’ BitLocker and TrueCrypt.”
Full article here.