CoreStorage in Apple Mac OS X 10.7 before 10.7.2 does not ensure that all disk data is encrypted during the enabling of FileVault, which makes it easier for physically proximate attackers to obtain sensitive information by reading directly from the disk device.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mac_os_x | Apple | 10.7.0 (including) | 10.7.0 (including) |
| Mac_os_x | Apple | 10.7.1 (including) | 10.7.1 (including) |
| Mac_os_x_server | Apple | 10.7.0 (including) | 10.7.0 (including) |
| Mac_os_x_server | Apple | 10.7.1 (including) | 10.7.1 (including) |
References
- http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
- http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
- http://osvdb.org/76362
- http://support.apple.com/kb/HT5002
- http://support.apple.com/kb/HT5281
- http://www.securityfocus.com/bid/50085
- http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
- http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
- http://osvdb.org/76362
- http://support.apple.com/kb/HT5002
- http://support.apple.com/kb/HT5281
- http://www.securityfocus.com/bid/50085