Apple Mac OS X Lion update fixes password flaw

A few days ago, the Mac community was up in arms after a security researcher, David Emery, announced that he had found a flaw in Mac OS X 10.7.3 (Lion) that allowed a computer running the OS to store user passwords in cleartext. The flaw had actually been found in February by a user named tarwinatorn, who posted word of the issue on Apple's support forums but no one seemed to notice it at the time.

The issue affected a Mac PC if it used FileVault encryption in Mac OS X 10.6 (Snow Leopard) and then upgraded to the current Lion version. People who own a Mac PC that had Lion pre-installed were not affected by this flaw.

Now AppleInsider reports that Apple has released a new update to Lion, which brings the version number up to Mac OS X 10.7.4. The update reportedly fixes this FileVault password issue.

In addition to that problem being solved, the new 10.7.4 update has a number of other bug fixes and improvements, including one where the "Reopen windows when logging back in" setting is always checked off. The patch also improves compatibly with some British made third-party USB keyboards and improves the Internet sharing of PPPoE connections

The new patch also contains the new version (5.1.6) of Apple's in-house Safari web browser, which brings some "stability improvements" to its users.

Report a problem with article
Previous Story

Could GameStop start selling Steam cards?

Next Story

Intel CEO slams Windows 8 ARM-based devices

16 Comments

Commenting is disabled on this article.

Arkos Reed said,
Little Warning to Plex users, 10.7.4 breaks a few things here and there apparently

I've never used Plex before, but I tried to use the latest version on Mountain Lion DP3.1, but I didn't seem to be able to install any plugins, I tried to install the Netflix Application but nothing seem to load in the directory.

Arkos Reed said,
Little Warning to Plex users, 10.7.4 breaks a few things here and there apparently

Interesting...do you know what exactly? Be nice to know before I upgrade my mac mini that is running the PMS.

s3n4te said,
took them long enough

You don't seem to realize how much testing has to be done before a patch can be released. Considering this was first found in February, I'd say they patched it remarkably fast.

Astra.Xtreme said,

You don't seem to realize how much testing has to be done before a patch can be released. Considering this was first found in February, I'd say they patched it remarkably fast.

So they couldn't have released a patch that simply turned off the debugging feature? yeah...right.

marinejld said,

So they couldn't have released a patch that simply turned off the debugging feature? yeah...right.

Yeh the people who need the debugging feature would have loved that!

marinejld said,

So they couldn't have released a patch that simply turned off the debugging feature? yeah...right.

The update is 729Mb in size... I suppose they can introduce a lot of bugs if they released this in a hurry.
By the way, when Vista shipped, some Microsoftie did not turn off the debug feature, so that's one reason why it eats up so much hard disk space. Guess when they actually fixed it? (Hint: Windows 7)

ThunderRiver said,

The update is 729Mb in size... I suppose they can introduce a lot of bugs if they released this in a hurry.
By the way, when Vista shipped, some Microsoftie did not turn off the debug feature, so that's one reason why it eats up so much hard disk space. Guess when they actually fixed it? (Hint: Windows 7)

And I bashed Apple when exactly? I never said anything about Microsoft. I'm not a fan boy of either.

The patch is a big patch no doubt - though it includes a number of other bug fixes. I supposed they had to include ALL of those to fix the one debugging feature left on by the tech?

DomZ said,

Yeh the people who need the debugging feature would have loved that!

It was a debugging feature for Apple OS engineers, not end users and developers. Shouldn't have been enabled in a release build in the first place, that was the bug.

It is only going to get "worse" as more companies adopt Apple's products and as more users come on board.

I'm just happy they put a fix out - though I'm a bit peeved that they've known about it for 3 months. It would appear that they didn't react to the issue until it hit more mainstream sites and word got out.

Apple is not invincible and hopefully they will adjust - the sooner the better.