Paul Nelson

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X version 10.7.3 **Description** The issue concerns the Login Window in Apple Mac OS X. When Legacy File Vault or networked home directories are enabled, it does not properly restrict what is written to the system log for network logins. This allows local users to obtain sensitive information by reading the log. **Recommendations** For Apple Mac OS X version 10.7.3, consider disabling Legacy File Vault or networked home directories as a temporary workaround to minimize the risk of exploitation. Restrict access to the system log to prevent local users from obtaining sensitive information.

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions prior to 10.6.8 **Description** The issue allows local users to potentially obtain sensitive information by reading a log file. This is because the App Store in Apple Mac OS X creates a log entry containing a user's AppleID password. The risk is heightened if the log file has non-default permissions. **Recommendations** For versions prior to 10.6.8, update to version 10.6.8 or later to resolve the issue. As a temporary workaround, consider restricting access to log files to minimize the risk of exploitation.