CF Apple Computer

March 2, 2008 | Flaw in Apple s OS X can expose keychain password By Leslie Poston Apple has struggled with its release of Leopard. The company has been accused most often of releasing an unfinished version just to get it on the shelves. This past month saw a release of the much anticipated Leopard Update 15.2.1, which fixed as many as 76 flaws in Leopard that were causing problems with everything from using the internet to seeing external drives and hearing your speakers.

Now a new problem looms for the rising star: a potential security risk. It seems that a flaw in Leopard can expose your keychain password to anyone who is at your machine if the flaw is left unfixed. how does it happen? It seems that due to a programming snafu the password is stored in the memory of the computer for far longer than is necessary to complete the log in task. That means anyone who can sit in front of your machine may be able to grab your password.

This poses little threat to the home computer user using a desktop in a secure environment. But if you are like me and take your laptop with your everywhere, or like others who have room mates, office mates and other high traffic issues, this could pose a problem. the person who discovered the flaw is unhappy with Apple s response: This is a real problem and it needs to be fixed, said Jacob Appelbaum, a San Francisco-based programmer who discovered the vulnerability and reported it to Apple.

He said he disagreed with the company s response: They won t put it in the latest security update or release a security update just for this issue. What makes this such a security concern is the unfettered access it gives the snooper to your keychain. The person stealing your password can see every password and log in that you have stored in your keychain. This means they can steal your identity and pretend to be you anywhere they want online.