Pixel Envy

Written by Nick Heer.

Mavericks Updates Bypass FileVault

I missed this from December, but it appears that the 10.9.1 update will bypass FileVault and automatically login after the system reboots. Thomas Brand has a good guess as to why Apple chose this route:

Power users might prefer the minor inconvenience of entering their password during a software update to complete the update process securely, but FileVault 2 is not just about security. It is about putting the customer’s fears to rest. Automating a required second restart of a customer’s encrypted Mac is just one way FileVault 2 fights the fear of complicated updates commonly associated with Windows. This isn’t a security flaw, this is software by design.

Here’s the thing, though: this behaviour creates a security flaw. The type of person who has FileVault enabled is the type of person who will not mind entering their password after reboot. I’d wager that almost no casual users have FileVault enabled, and that most people with it turned on are developers, hackers, or similar.