OS X Lion Plagued by Password Vulnerability, Skype iOS App by XSS Vulnerability
It would seem that changing someone’s password is not a very difficult thing if that someone is on Mac OS X 10.7 Lion, the eighth major release of the Mac OS X operating system. Patrick Dunstan, author of the Defence in Depth blog, uncovered that someone with physical access to a Lion-powered Mac can, using a Terminal command, change the currently logged-in user's password without knowing the existing password. The logged-in user, or any other user on Lion, would not know that his password was changed until he tried to log in.
The good news is that the Terminal command needed to change the password is not something that a regular user is familiar with. The other good news is that even if the user knows the terminal command, he needs physical access to the Lion-powered Mac.
Security company Intego advises that you take a few precautionary measures, especially if you share your Mac with others. Here are the precautions in question:
- Disable automatic login. This means that every time you start your Mac up, you will need to type in your password. It can be a bit of a bother, but it’s better from a security point of view.
- Set it up so that Lion will prompt you for a password after sleep or after the screensaver begins.
- Use a different password for your keychain.
Security company Sophos adds the following advice:
- Do not use a password that can be compromised by brute force attacks.
- Do not leave your Mac logged in and unattended. Lock the screen when you leave your Mac.
There are no reports of this vulnerability being exploited in the wild.
Moving on, the Skype iOS app is plagued by a vulnerability (an XSS bug combined with an incorrect WebKit setting) that could grant an attacker access to files stored on the iOS-powered device. Security researcher Phil Purviance of AppSec found out that by exploiting JavaScript code, an attacker could steal the user’s entire address book. Skype confirmed the vulnerability and said it is working hard on a fix.
Tags: Apple, Mac OS X, Lion, Skype, iOS, Security