David K. March (dkmnow) wrote in macintosh, @ 2008-02-28 18:59:00 |
|
|||
Apple has confirmed a security glitch that, in many situations, will let someone with physical access to a Macintosh computer gain access to the password of the active user account...
The security glitch works like this: The OS X subsystem that asks for a username and password to log into an account is, reasonably enough, called loginwindow.app. In the default configuration, the account password unlocks the user's keychain and the encrypted FileVault volume (if one is in use).
But instead of immediately erasing the password from memory once the unlocking process is complete, OS X keeps it around. That means someone with physical access to the computer can use multiple methods to extract the contents of the computer's DRAM chips.
Last week's paper described some of those techniques. They include: plugging an iPod into a Firewire port to extract the contents of memory, rebooting the computer and running a memory-extractor over the network or from removable media, or physically ripping out the DRAM chips and inserting them into another computer...