Huge Security Hole in Lion

[ScottishDuck]

http://www.businessinsider.com/how-to-hack-mac-os-x-lion-passwords-2011-9

On Sunday, September 19th, an exploit for the latest Mac OS X 10.7 "Lion" was discovered by Patrick Dunstan. This exploit allows for an attacker, even remotely, to request to have the root user's password changed without knowing the password to the system beforehand. This would lead to the legitimate owner of the system getting locked out, as well as all of their files being compromised (unless disc encryption was in place). Let's go over why this happens, and how to stop it until a patch comes out.

Anyone can get your root password, even remotely, if you do not have disk encryption enabled.

 

[MetalMoon]

Not really a problem unless you have sketch people using your computer. I usually lock my computer screen when I leave, so not really a big security hole. Besides, if you leave your computer logged on, can't they access your files anyway?

 

[Peace]

the bugs enable non-administrative users of a computer running Lion — including users who've been given remote access — to change the victim's password without first verifying that they are, in fact, the legitimate owner of the computer.

While this is still a security bug the remote part needs to be given access locally.

 

[sidewinder]

Easy fix until Apple gets around to it from within the Terminal app:

sudo chmod go-x /usr/bin/dscl

If you rebuild permissions you will probably need to do it again.

S-