Säkerhetslucka i Filevault 2

Ulf Frizk:

macOS FileVault2 let attackers with physical access retrieve the password in clear text by plugging in a $300 Thunderbolt device into a locked or sleeping mac. The password may be used to unlock the mac to access everything on it. To secure your mac just update it with the December 2016 patches.

Anyone including, but not limited to, your colleagues, the police, the evil maid and the thief will have full access to your data as long as they can gain physical access – unless the mac is completely shut down. If the mac is sleeping it is still vulnerable.

En mycket allvarlig säkerhetsbugg som är fixad i macOS 10.12.2. Huruvida tidigare versioner av OS X är drabbade låter jag vara osagt men det är inte osannolikt.

© 2021 Omsoc Publishing AB