
The user password on an OS X Lion system is an important bit of information. It is required not only to log in, but also to make important system changes. If you know it, you’ll be able to make changes to important system settings, which means any attack against it is a concern.

Patrick Dunstan of the blog Defence in Depth has discovered an exploit that uses a command line program to retrieve password hashes and, more importantly, change account passwords without any form of authentication. Type in the proper command and a prompt for changing an account’s user password appears.

Such an attack has severe implications, as it would both give an attacker full user account access and lock out the legitimate user. The good news is that accessing this command line program generally requires physical access to the computer, although it’s conceivable for an attacker with remote access to pull off this trick as well.

Apple has not yet responded, which isn’t surprising, as Defence in Depth only posted this exploit on September 18th. There has been little time for Cupertino to react with a patch. In the meantime, users should be careful to limit physical access to their computers and keep website visits on the straight-and-narrow. You could also try installing a third-party firewall to prevent unwanted remote access.

Source: Macworld
