So you thought Mac OS X 10.7 “Lion” was secure, and rushed right out and bought it? Passware discovered that the logon password can be extracted from a Mac running OS X 10.7 Lion, even when the system is locked or asleep.


Passware, maker of Passware Kit Forensic 11, published a press release (see http://www.lostpassword.com/pdf/pr-110726.pdf) stating that its software can extract Mac OS X Lion passwords from RAM over a FireWire connection in minutes, even when the computer is locked or put to sleep. This comes hot on the heels of the release of OS X “Lion”, which many claimed to be the ‘most secure OS available’.

The flaw results from Mac OS X Lion storing user login passwords in system memory even when the box is locked or placed in sleep mode. The password can be extracted from RAM captured over a FireWire connection, and FileVault encryption is no protection. The solution is to shut down the computer and to disable the automatic logon feature. In other words, if you have the automatic logon setting enabled, the computer is only secure when it is powered off.

The system is only secure if the user does not disable the security for the sake of convenience, and convenience has always been a strong selling point for Apple computers.
