Apple has confirmed a security glitch that, in many situations, will let someone with physical access to a Macintosh computer gain access to the password of the active user account.
The vulnerability arises out of a programming error that stores the account password in the computer’s memory long after it’s needed, meaning it can be retrieved and used to log into the computer and impersonate the user.
“This is a real problem and it needs to be fixed,” said Jacob Appelbaum, a San Francisco-area programmer who discovered the vulnerability and reported it to Apple. He said he disagreed with the company’s response: “They won’t put it in the latest security update or release a security update just for this issue.”
Appelbaum is one of the team of researchers who published a “cold boot” paper last week describing unrelated vulnerabilities in encrypted filesystems, including Apple’s FileVault, Windows Vista’s BitLocker, and a number of open-source ones.
Unlike the security concerns reported last week, this vulnerability is specific to OS X. It’s also more sweeping because it offers–at least in OS X’s default configuration–full access to passwords stored in the Keychain, which can include passwords to wireless networks, Web sites, accounts accessed via SSH, network-mounted volumes, and so on. (link)