OS X Lion Security Hole Gives Hackers Access To Account Passwords
Mac OS X may have a sterling reputation for being virus-free, but that doesn’t mean there aren’t plenty of other ways for malicious types to invade your personal space. According to one security blog, one such vulnerability has turned up in the new OS X Lion, and it allows hackers to change your account passwords.
MacNN is reporting that a “serious security vulnerability” has turned up inside OS X Lion which allows hackers to alter the password of your user account -- and if you have more than one, to do the same on all of them. According to security blog Defence in Depth, the operating system “reportedly allows non-root users the ability to view password hash data,” which in turn means that hackers could in theory use a basic Python script to turn up the password itself.
“Aggravating the situation is that Lion doesn't require a password to change a current user's login,” MacNN explains. “Entering the command ‘dscl localhost -passwd /Search/Users/______,’ with the blank substituted by a person's account name, will therefore prompt for a new password. Keeping the threat under control at the moment is that an attacker needs local access to a Mac, as well as Directory Service access.”
Apple will likely plug this security hole in a future update, but for now the security blog suggests disabling automatic logins, turning on sleep/screen saver passwords and even shutting off guest accounts as a temporary remedy for the issue.
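A read-only check for the three interim mitigations listed above, as an added example that is not from the article, MacNN or Defence in Depth. The preference domains and keys (`autoLoginUser`, `askForPassword`, `GuestEnabled`) are the usual macOS locations and are assumptions here, as are the function names.

```shell
#!/bin/sh
# Added example: read-only audit of the article's three interim mitigations.
# Domains and keys are the usual macOS locations (assumption, not from the article).

# classify CHECK VALUE: VALUE is raw `defaults read` output, empty if the key is unset.
classify() {
  case "$1" in
    autologin)  # any autoLoginUser value means automatic login is configured
      if [ -z "$2" ]; then echo OK; else echo WEAK; fi ;;
    screenlock) # askForPassword must be 1 for the sleep/screen saver password prompt
      if [ "$2" = 1 ]; then echo OK; else echo WEAK; fi ;;
    guest)      # GuestEnabled unset or 0 means the guest account is off
      case "$2" in ""|0) echo OK ;; *) echo WEAK ;; esac ;;
    *) echo UNKNOWN ;;
  esac
}

# Default reader: a missing key yields empty output rather than an error.
read_pref() { defaults read "$1" "$2" 2>/dev/null || true; }

# audit [READER]: prints one line per check; returns non-zero if any is WEAK.
# READER is a function taking DOMAIN KEY (hypothetical hook so the logic can be tested offline).
audit() {
  reader=${1:-read_pref}
  weak=0
  for check in \
    "autologin /Library/Preferences/com.apple.loginwindow autoLoginUser" \
    "screenlock com.apple.screensaver askForPassword" \
    "guest /Library/Preferences/com.apple.loginwindow GuestEnabled"
  do
    set -- $check
    result=$(classify "$1" "$("$reader" "$2" "$3")")
    printf '%-10s %s\n' "$1" "$result"
    [ "$result" = OK ] || weak=$((weak + 1))
  done
  [ "$weak" -eq 0 ]
}

# Run against the live system only where the `defaults` tool exists (macOS).
if command -v defaults >/dev/null 2>&1; then
  audit || echo "One or more mitigations are not applied."
fi
```

`askForPassword` is a per-user setting, so run the script as each account you want to check.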
Follow this article’s author, J.R. Bookwalter on Twitter
LDMartin1959
September 20, 2011 at 11:06am
If they have physical access to your computer, they are probably an authorized user. Or you are not paying attention and have other, more serious issues to deal with. Sure, it's an issue, but this is a lot less of an issue than many seem to be making it out to be.
brandonwalkermedia
September 20, 2011 at 12:41pm
Right, funny you have to be there in person to do something to a Mac (kinda seems like common sense, right?)