Security consultants have independently confirmed a serious security weakness that makes it trivial for hackers with physical control of many computers sold by Dell, Acer, and at least 14 other manufacturers to quickly recover Windows account passwords.
The vulnerability is contained in multiple versions of fingerprint-reading software known as UPEK Protector Suite. In July, Apple paid $356 million to buy Authentec, the Melbourne, Florida-based company that acquired the technology from privately held UPEK in 2010. The weakness came to light no later than September, but Apple has yet to acknowledge it or warn end users how to work around it. No one has accused Apple of being responsible for the underlying design of fingerprint-reading software.