What almost sounds impossible, seems true right now. The usually so-secure
Mac OS X seems to have a big security hole allowing hacers to spy on passwords.
It seems as if FileVault has a Debug option that allows writing unencrypted
passwords to FileVault files to the log file. This debug option has been…

activated with the udate of Lion (10.7.3) this year and it seems as if only users are are affected, who had installed Snow Leopard before.

The actual FileVault 2 does not have this security leak. I still am amazed that Apple allows this kind of security hole, that allows the exposure of private data.

However it needs some skills to read out the passwords. These are the Firewire-Disk-Mode of the host system that allows access to the log file or the Superuser shell from the recovery partition.

So the chance is rather small that you can be hacked from outside. Yet it’s not a thing to wave security around with.

As upon research it seems as if a user has reported this issue in early February in the global Apple support forums but didn’t get any reply there. Weird!

For all those who want to read the source: read here