People that are using OS X FileVault encryption and an updated version of Lion should change their password. Security researcher David Emry found out that people using a version of FileVault before version 10.7.3 may find their admin login password in a system-wide debug log file that is stored in plain text outside of the encrypted area. This puts your password at risk of being read by other users and could open the door for flaw-specific malware. FileVault 2 is not affected by this bug. Currently there isn’t a way to get around this flaw without disabling FileVault.
May 7, 2012