Sierra 10.12.2 is an urgent update if you use FileVault

Do you use FileVault to secure your Mac? Are you running macOS Sierra? Have you updated to 10.12.2 yet?

If your answer to the first two questions is yes, then you must update to 10.12.2 if you want to prevent someone with physical access to your Mac from retrieving its FileVault password. That might occur if your Mac is lost or stolen, for example.

Just published on Ulf Frisk’s blog is a simple method for retrieving the FileVault (that’s FileVault 2) password from any Mac with a Thunderbolt port, which possibly works with USB-C models too. This relies on a vulnerability which Apple has now fixed in Sierra 10.12.2.

If the Mac is completely shut down, this method cannot be used. But if it is only sleeping or locked, all the intruder has to do is plug in a special Thunderbolt device (cost $300), force a restart using Control-Command-Power, and the password will be displayed within thirty seconds. Frisk explains the vulnerability in full detail in his article.

Thanks to Ulf Frisk for explaining, and to Patrick Wardle for drawing attention to this.