OS X Lion Plagued by Password Vulnerability, Skype iOS App by XSS Vulnerability
Article by George Norman
On 21 Sep 2011
It would seem that changing someone’s password is not a very difficult thing if that someone is on Mac OS X 10.7 Lion, the eighth major release of the Mac OS X operating system. Patrick Dunstan, author of the Defence in Depth blog, uncovered that someone with physical access to a Lion-powered Mac can, using a Terminal command, change the currently logged-in user's password without knowing the existing password. Neither the logged-in user nor any other user on Lion would know that the password had been changed until the next attempt to log in.

The good news is that the Terminal command needed to change the password is not something that a regular user is familiar with. The other good news is that even if the user knows the terminal command, he needs physical access to the Lion-powered Mac.


Security company Intego advises that you take a few precautionary measures, especially if you share your Mac with others. Here are the precautions in question:
- Disable automatic login. This means that every time you start your Mac up, you will need to type in your password. It can be a bit of a bother, but it’s better from a security point of view.
- Set it up so that Lion will prompt you for a password after sleep or after the screensaver begins.
- Use a different password for your keychain.

Security company Sophos adds the following advice:
- Do not use a password that can be compromised by brute force attacks.
- Do not leave your Mac logged in and unattended. Lock the screen when you leave your Mac.

There are no reports of this vulnerability being exploited in the wild.

Moving on, the Skype iOS app is plagued by a vulnerability (an XSS bug combined with an incorrect WebKit setting) that could grant an attacker access to files stored on the iOS-powered device. Security researcher Phil Purviance of AppSec found out that by exploiting JavaScript code, an attacker could steal the user’s entire address book. Skype confirmed the vulnerability and said it is working hard on a fix.

Tags: Apple, Mac OS X, Lion, Skype, iOS, Security
About the author: George Norman
George is a news editor.