Huge Security Hole in Lion

Discussion in 'Mac OS X Lion (10.7)' started by ScottishDuck, Sep 21, 2011.

  1. ScottishDuck macrumors 6502a

    Joined:
    Feb 17, 2010
    Location:
    Argyll, Scotland
    #1
    http://www.businessinsider.com/how-to-hack-mac-os-x-lion-passwords-2011-9

    Anyone can get your root password, even remotely, if you do not have disk encryption enabled.
     
  2. MetalMoon macrumors member

    Joined:
    Dec 11, 2010
    Location:
    San Jose
    #2
    Not really a problem unless you have sketch people using your computer. I usually lock my computer screen when I leave, so not really a big security hole. Besides, if you leave your computer logged on, can't they access your files anyway?
     
  3. Peace macrumors Core

    Joined:
    Apr 1, 2005
    Location:
    Space--The ONLY Frontier
    #3
    the bugs enable non-administrative users of a computer running Lion — including users who've been given remote access — to change the victim's password without first verifying that they are, in fact, the legitimate owner of the computer.

    While this is still a security bug, the remote part needs to be given access locally.
     
  4. sidewinder macrumors 68020

    Joined:
    Dec 10, 2008
    Location:
    Northern California
    #4
    Easy fix until Apple gets around to it from within the Terminal app:

    sudo chmod go-x /usr/bin/dscl

    If you rebuild permissions you will probably need to do it again.

    S-
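
A check for the workaround given in post #4, added here as an example and not part of any poster's message: it reports whether group/other execute is still removed from a binary, which matters because a permissions rebuild can restore it. The function names `exec_status` and `check_tool` are assumptions, and the demonstration runs on a constructed scratch file rather than the real `/usr/bin/dscl`.

```shell
#!/bin/sh
# Added example: verify that group/other execute is still removed from a binary.
# Parses the `ls -ld` mode string, which BSD (macOS) and GNU userlands both print.

# Prints "restricted", "exposed" or "missing" for the given path.
exec_status() {
    target=$1
    [ -e "$target" ] || { echo missing; return 0; }
    # First 10 characters: file type plus rwx triplets for user, group, other.
    # -L follows symlinks; cut drops any trailing ACL/xattr marker.
    mode=$(ls -ldL -- "$target" | cut -c1-10)
    group_x=$(printf '%s' "$mode" | cut -c7)
    other_x=$(printf '%s' "$mode" | cut -c10)
    # x = execute, s = setgid+execute, t = sticky+execute.
    # Uppercase S/T mean the special bit is set WITHOUT execute.
    case "$group_x$other_x" in
        *[xst]*) echo exposed ;;
        *)       echo restricted ;;
    esac
}

# Human-readable report; returns non-zero only when the workaround is absent.
check_tool() {
    path=$1
    state=$(exec_status "$path")
    case $state in
        restricted) echo "$path: no group/other execute, workaround in place" ;;
        exposed)    echo "$path: group/other can execute; re-apply: sudo chmod go-x $path" ;;
        missing)    echo "$path: not found" ;;
    esac
    [ "$state" != exposed ]
}

# Demonstration on a constructed scratch file, not the real binary.
# On a Lion system the call would be: check_tool /usr/bin/dscl
scratch=$(mktemp)
chmod 755 "$scratch"
check_tool "$scratch" || true      # reports exposed
chmod go-x "$scratch"
check_tool "$scratch"              # reports restricted
rm -f "$scratch"
```

Because `check_tool` exits non-zero when execute permission has come back, it can be run after a permissions repair to decide whether the `chmod` needs repeating.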
     
