OS X 10.7.4 Lion update fixes FileVault bug, includes Safari 5.1.6 [u]

The update, which is recommended for all OS X Lion users, patches a security bug found in certain configurations of the previous 10.7.3 version that allowed for inadvertent access to user passwords.

First discovered earlier in May, the bug allows for the creation of a system-wide debug file that displays user credentials including passwords in plain text. Fortunately, the flaw only affects users who carried over their FileVault settings from OS X Snow Leopard when making the switch to Lion.

The log-in data can also be viewed by booting a Mac into FireWire target disk mode and opening the drive as a disk or by using the superuser shell to mount mount the main system partition after booting into the Lion recovery partition.

Also included in the update is a fix for an issue that caused the "Reopen windows when logging back in" box to be perpetually checked when users logged out or shut down their Macs.

From the 10.7.4 release notes:

The OS X Lion v10.7.4 Update includes fixes that:

Resolve an issue in which the "Reopen windows when logging back in" setting is always enabled.

Improve compatibility with certain British third-party USB keyboards.

Addresses permission issues that may be caused if you use the Get Info inspector function "Apply to enclosed items…" on your home directory. For more information, see this article.

Improve Internet sharing of PPPoE connections.

Improve using a proxy auto-configuration (PAC) file.

Address an issue that may prevent files from being saved to an SMB server.

Improve printing to an SMB print queue.

Improve performance when connecting to a WebDAV server.

Enable automatic login for NIS accounts.

Include RAW image compatibility for additional digital cameras.

Improve the reliability of binding and logging into Active Directory accounts.

The OS X Lion v10.7.4 Update includes Safari 5.1.6, which contains stability improvements.

Users who purchased a Mac with Lion pre-installed are not affected by the 10.7.3 issue as Apple's FileVault 2 is not affected.

The 729.6MB update can be downloaded via Sofware Update or through Apple's Support Downloads webpage.

Update: OS X 10.7.4 Lion Client Combo, Server and Server Admin Tools updates also ready for download.

Apple also released OS X 10.7.4 Lion (Client Combo) on Wednesday, which features the same fixes mentioned above. The download weighs in at 1.4GB and is available through Software Update or Apple's Support Downloads page.

The Server and Server Combo updates include general improvements to file sharing, migration and security.

From the release notes:

File Sharing

defining custom names for file share points

using Kerberos authentication

emptying trash when using a network mounted home directory

using WebDAV with third-party iOS clients

copying files and Finder information over SMB

general reliability of SMB file services

Profile Manager

enhanced payloads and management settings for iOS and OS X clients

reliability of device enrollments after changing server hostname

configuring VPN management settings

using profiles to join 802.1x networks

installing enterprise iOS applications

setting iCloud, Spotlight and Media Restrictions for OS X clients

Web Server

improved handling of URL redirects and alias matches

Mail Server

improved reliability of SMTP services

prevent overwriting of manually configured greylisted mail servers

The update also includes specific fixes for:

more flexible service data storage

reconfiguring DNS settings when changing hostnames

editing DNS expirations

archival and migration of Open Directory

preserving local accounts during upgrades

Adding to the capabilities of Lion Server is Server Admin 10.7.4 which brings the latest releases of Podcast Composer, Server Admin, Server Monitor, System Image Utility, Workgroup Manager and Xgrid Admin.

The OS X Lion 10.7.4 Server download comes in at 738.71MB while 10.7.4 Server Combo and Server Admin Tools are 1.49GB and 212.4MB, respectively. All three can be downloaded via Software Update or Apple's Support Downloads page.