Mac OS X Lion Vulnerable to Local Password Hack Attacks
![Mac OS X Lion Vulnerable to Local Password Hack Attacks [Apple's Latest Mac OS Version Vulnerable to Password Retrieval or Change Even Without Admin Privileges]](http://tftscdn3.nexus404.com/Blog/thumbnailimages/alt/MAC-OS-Lion-OS-Logo-with-MacBook-AirTFTSThumb220153.jpg){kind=logo}
Apple’s Mac OS X is often thought to be more secure than other operating systems because of its BSD underpinnings and smaller market share relative to other desktop OSes. However, a permissions oversight in OS X 10.7 Lion leaves user passwords vulnerable to changes even without administrator privileges.
This vulnerability has been detailed in a post on security blog Defence in Depth, where Patrick Dunstan writes how passwords stored in OS X Lion are not secure because the “shadow files” where the encrypted data are stored are easily accessible to local users.
It appears in the redesign of OS X Lion’s authentication scheme a critical step has been overlooked. Whilst non-root users are unable to access the shadow files directly, Lion actually provides non-root users the ability to still view password hash data. This is accomplished by extracting the data straight from Directory Services.
In previous versions of Mac OS X — such as Tiger, Leopard and Snow Leopard — the same procedure can be used to retrieve passwords, which is to retrieve the system-generated user-ID, and then use this to extract password hashes, which can be used to retrieve user passwords. With OS X Lion, though, a local user can even change any other user’s password even without having administrator access, as Directory Services no longer requires authentication when changing passwords
This opens up the possibility for completely taking over a system even with a Guest account, since a local user — or a user with SSH access to your Mac — can practically change the administrator password, and then gain full access.
How to Protect Your System
The security vulnerability has two limitations, which are that the hacker will need (1) local access to your computer, and (2) access to directory services. While most Mac users will probably think their computers are safe in their offices or homes, consider that a malicious hacker can gain “local” access via SSH. And with physical access to your computer — such as a break-in, MacBook theft, or a colleague fiddling with your office Mac — it can easily be compromised. Cnet’s Topher Kessler suggests doing the following to protect your system.
- Disable automatic log-in;
- Enable sleep and screensaver passwords to prevent local access while you’re away;
- Disable Guest accounts;
- Limit other user accounts, such as by using Parental Controls.
Apple has yet to release a patch for this issue, so if you’re using Lion, consider your system to be a potential target.
Credit: Source.Apple Patent Seeks to Incorporate Password Information in Chargers, Printers, Routers & Other Devices For Recovery
Apple Not To Release USB Key For Mountain Lion Installs Or Recovery, Apple Has Finally Ditched All Physical Media
Apple iPad, The Third Generation Model Will Be Available In 10 Countries On March 16th, In-Store Sales Will Begin At 8AM Local Time
Latest Twitter For BlackBerry Update Brings Version 3.0 With "Deep" BBM Integration & More
A New Kinect Hack Hooks Up The Kinect To An Enormous Organ In Australia, Raises The Musical Kinect Hack Stakes
Breaking News
The TFTS Team
