FileVault security loophole

CNET staff
Reader Sean McNamara reports on a security loophole that can occur if you're using FileVault and also have Fast User Switching enabled:

"Admin User 1 (who uses FileVault) logs in - the encrypted sparse disk image is decrypted and mounted. The machine is then Fast User Switched to Admin User 2 - the [FileVault-enabled account remains mounted], with files available to be read by other admin users (including Admin User 2) using super-user privileges (such as "sudo cat /Users/adminuser1/somesecretfile.txt" at the command line).

"If remote login is enabled, it leads to a very similar situation: Admin User 1 logs in - the encrypted sparse disk image is decrypted and mounted. Admin User 2 remote logs in via SSH to his admin account. Using sudo, Admin User 2 can access Admin User 1's files as above."

We should point out that FileVault is only as secure as the least secure admin-level account -- an unscrupulous admin user could just as easily use Accounts preferences to change the account password of another user (admin or normal), and then access that user's FileVault-encrypted data.
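
As an added example (not part of the original report), the following script shows one way to flag the condition described above: a decrypted FileVault home that stays mounted while other accounts hold a session. It assumes the mounted home appears in `mount` output as its own volume at /Users/<shortname> and that `who` lists both console and SSH sessions; the function name and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: report FileVault homes left mounted while other users
# hold a session (Fast User Switching or SSH).
# Assumption: a mounted FileVault home is a separate volume whose mount
# point is /Users/<shortname>, as in "/dev/diskNsM on /Users/<name> (...)".

# exposed_homes WHO_OUTPUT MOUNT_OUTPUT
# Prints one line per exposed home: "<owner>: <other users with sessions>"
exposed_homes() {
    who_out=$1
    mount_out=$2
    # Unique login names: first column of `who`.
    users=$(printf '%s\n' "$who_out" | awk 'NF { print $1 }' | sort -u)
    # Owners of homes that are mounted as their own volume.
    printf '%s\n' "$mount_out" |
    awk '$2 == "on" && $3 ~ "^/Users/[^/]+$" { sub("^/Users/", "", $3); print $3 }' |
    sort -u |
    while read -r owner; do
        # Every session that does not belong to the owner of the home.
        others=$(printf '%s\n' "$users" | grep -vx -- "$owner" | tr '\n' ' ' | sed 's/ *$//')
        if [ -n "$others" ]; then
            printf '%s: %s\n' "$owner" "$others"
        fi
    done
    return 0
}

# Constructed sample input (not captured from a real machine).
SAMPLE_WHO='adminuser1 console  Mar  3 09:12
adminuser2 ttys000  Mar  3 09:40 (192.0.2.10)'
SAMPLE_MOUNT='/dev/disk0s2 on / (hfs, local, journaled)
/dev/disk2s2 on /Users/adminuser1 (hfs, local, nodev, nosuid, journaled)'

exposed_homes "$SAMPLE_WHO" "$SAMPLE_MOUNT"
# On a live system: exposed_homes "$(who)" "$(mount)"
```

The script reports every concurrent session; whether those accounts are admin-level, and can therefore use sudo to read the mounted home, has to be checked separately.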
