Defence in Depth has discovered a security risk in Mac OS X Lion that lets local users change the passwords of any account, reports CNET.
The site explains that OS X user passwords and encrypted and stored in "shadow files" which are placed in secure locations on your hard drive. Security permissions only allow the owner and administrators to access these files.
Unfortunately, recent discoveries have shown that in OS X Lion this security structure is not intact, and any user on the system can modify the passwords of other local accounts quite easily. The problem at hand appears to be because of a permissions oversight that allows all users search access to the system's directory services.
Recommended Steps Until Apple Releases Fix: 1. Disable automatic log-in 2. Enable sleep and screensaver passwords 3. Disable Guest accounts 4. Parental Controls 5. Manage users on the system
Apple news, rumors, tutorials, price drop alerts, in your inbox every evening, free.
Unsubscribe at any time.
Success!
You have been subscribed.
Add Comment
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
Yes
No
Comments (6)
Comments are closed for this article.
0
Lm - September 20, 2011 at 12:56pm
Shocking!! Thats why i dont use mac os.
0
Andrew - September 20, 2011 at 4:13am
Sadly I reflect Apple OS being labeled 99% virus free and no need for firewalls or defrag utilities... But the Window users were right. The only reason that was the case was but it made no sense to hack such a small community. But as Apple continues to market to the masses and make it everybody friendly... Norton's Symantec will be needed for Mac as well as PCs running Windows.
0
Saeq - September 20, 2011 at 10:28am
Do you work for Norton?
0
CASEACE79 - September 20, 2011 at 12:09pm
Norton sucks. Even AVG free has better virus protection. Norton is a joke.
0
Andrew - September 20, 2011 at 3:55pm
No fanboy ... Where's chum chum? I work for myself. I'm a studio engineer... I own and operate myself.
0
DacksMac - September 21, 2011 at 1:03am
Fortunately for Mac users Apple makes and creates FREE updates to kill off possible virus attacks. To bad Windows doesn't offer the same free handout :(
![Low-Cost MacBook Colors Were Originally Planned for M2 MacBook Air [Rumor]](/images/news/99984/99984/99984-160.jpg "Low-Cost MacBook Colors Were Originally Planned for M2 MacBook Air [Rumor]")
![Apple Seeds Xcode 26.3 RC 2 With Claude 4.6 Support [Download]](/images/news/99980/99980/99980-160.jpg "Apple Seeds Xcode 26.3 RC 2 With Claude 4.6 Support [Download]")
![Apple Watch Series 11 Now $299, 46mm Model Also at Record Low [Deal]](/images/news/99986/99986/99986-160.jpg "Apple Watch Series 11 Now $299, 46mm Model Also at Record Low [Deal]")
![Expired: Save $900 on Apple's 11-Inch M4 iPad Pro 2TB With Nano-Texture Glass [Deal]](/images/news/99982/99982/99982-160.jpg "Expired: Save $900 on Apple's 11-Inch M4 iPad Pro 2TB With Nano-Texture Glass [Deal]")
![11-Inch M5 iPad Pro Hits New All-Time Low at $799.91 [Deal]](/images/news/99962/99962/99962-160.jpg "11-Inch M5 iPad Pro Hits New All-Time Low at $799.91 [Deal]")
![11-inch M5 iPad Pro (1TB) Drops to All-Time Low of $1,449 [Deal]](/images/news/99924/99924/99924-160.jpg "11-inch M5 iPad Pro (1TB) Drops to All-Time Low of $1,449 [Deal]")
![Original AirTag Drops to All-Time Low Price of $17 [Deal]](/images/news/99856/99856/99856-160.jpg "Original AirTag Drops to All-Time Low Price of $17 [Deal]")
