Passware, a provider of password cracking software, today said that the latest edition of its flagship password cracking forensic suite, Passware Kit Forensic v11, can extract Mac OS X Lion user login passwords from system memory in a matter of minutes.
The Mac OS vulnerability relates to user login passwords that are stored in the system memory even if the computer is locked or put into sleep mode. Passware’s software captures live Mac computer memory over FireWire and analyzes it, extracting these passwords, a process that the company says takes just a few minutes, regardless of password strength and the use of FileVault encryption. The vulnerability is present in all modern versions of Mac OS, including Mac OS X 10.6 Snow Leopard and the latest Mac OS X 10.7 Lion, released last week.
As Apple’s operating system has increased in popularity in recent years, so have security threats for users. Passware President Dmitry Sumin notes, “Long touted as a stable and secure operating system, Mac users are cautioned that the newest operating system has a potential vulnerability that enables password extraction from devices running Mac OS Lion.”
While this type of “hack” isn’t necessarily new in theory, it’s the ease of executing it with utilities available to anyone that is the key here, similar to how FireSheep brought HTTPS session hijacking to the masses.
Want to protect yourself against this vulnerability? Passware says the security risk is easy to overcome by simply turning off the computer instead of putting it to sleep, and disabling the “Automatic Login” setting. This way, passwords will not be present in memory and cannot be recovered.
Passware previously used the same technique to decrypt hard disks encrypted with BitLocker and TrueCrypt.
“I am a Mac user myself, but it’s important to understand the limitations of your computer’s security, even if you are not a computer forensics expert,” Sumin added. “If data stored is confidential, it is important to ensure physical security of the computer. One might also consider using additional encryption software.”
Passware Kit Forensic provides password recovery for any protected file detected on a PC or over the network while scanning, revealing hidden and protected data files on anyone’s computer.
Additional Mac OS related features of Passware Kit Forensic 11 include:
• Recovery of login passwords from Mac OS X users database
• Recovery of passwords for Mac keychain files, which gives access to user information contained in these files: saved passwords (for websites, network shares, wireless networks), private keys, certificates, etc.
Anyone can purchase Passware Kit Forensic directly from Passware or via a network of resellers worldwide for $995 with one year of free updates.

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
