Members of the Macintosh Community are reporting a rather serious security hole with version 10.7.3 of Mac OS X Lion and some versions of Snow Leopard and Lion Server. The flaw is specifically known to affect FileVault users but, in some specific configurations, might affect other users as well. Due to a programming error passwords are being recorded in plain text in the Macintosh log files under certain conditions. Persons who have direct access your Mac could potentially look into the log files and collect the passwords of the users who have recently logged into the machine.

There is no fix from Apple for this issue yet, however with it's level of severity we expect a patch to be pushed out very soon.

At the point PCN is suggesting a couple of common sense measures:

First, since most Mac users in Physics are self supported, we suggest that you immediately change your local Mac's account passwords to be something different from your Purdue career password. You can then use a utility like Onyx to delete the log files from your system.

Second, be sure that when Software Updater has the Mac OS X patch available that it is installed immediately. We will update our news list when it becomes available.