OS X Lion Plagued by Password Vulnerability, Skype iOS App by XSS Vulnerability

Article by George Norman (Cybersecurity Editor)

on 21 Sep 2011

It turns out that changing someone's password is not a very difficult thing if that someone is on Mac OS X 10.7 Lion, the eighth major release of the Mac OS X operating system. Patrick Dunstan, author of the Defence in Depth blog, uncovered that someone with access to a logged-in Lion session (in practice, someone sitting at the Mac) can, using a single Terminal command, change the currently logged-in user's password without knowing the existing password. The affected user gets no notification; the change only becomes apparent at the next login attempt.

The mitigating factors are narrow. The Terminal command needed to change the password is not something a regular user is familiar with, and even an attacker who knows it needs to be at an already unlocked, logged-in session on the Lion-powered Mac. Neither is real protection: obscurity does not stop anyone who has read the advisory, and an unattended unlocked Mac is exactly the situation the precautions below are meant to rule out.

Security company Intego advises taking a few precautionary measures, especially if you share your Mac with others. Here are the precautions in question:
- Disable automatic login. This means that every time you start your Mac up, you will need to type in your password. It can be a bit of a bother, but it is better from a security point of view.
- Set Lion to prompt for a password after sleep or when the screensaver begins.
- Use a different password for your keychain than for your account, so that someone who obtains your login password does not also get the contents of your keychain.

Security company Sophos adds the following advice:
- Do not use a password that can be recovered by brute force; choose a long one that is not a dictionary word.
- Do not leave your Mac logged in and unattended. Lock the screen when you leave your Mac.
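The Intego and Sophos advice above is a configuration checklist, so here is an audit helper for it, added here as an example and not code from the article, Intego or Sophos. It checks the Lion-era settings behind the first two Intego items and the Sophos lock-screen advice and prints the `defaults` commands that fix them. The preference domains and keys are the ones 10.7 used (`autoLoginUser` in the loginwindow domain; `askForPassword` and `askForPasswordDelay` in the screensaver domain); the script name `audit_lion_login.sh` and the function names are my own. The checks take the preference values as arguments so they can be exercised with constructed sample values on any system; `audit_live` reads the real values with `defaults` on a Mac.

```shell
#!/bin/sh
# audit_lion_login.sh - added example, not from the article, Intego or Sophos.
# Audits the Lion login settings recommended above and prints the defaults(1)
# commands that fix them. Keys: /Library/Preferences/com.apple.loginwindow
# autoLoginUser; com.apple.screensaver askForPassword / askForPasswordDelay.

# Weak setting: a non-empty autoLoginUser boots straight into that account.
autologin_enabled() {
    [ -n "$1" ]
}

# Safe setting: askForPassword=1 with askForPasswordDelay=0. An unset delay is
# treated as 0 by this script (an assumption); any other delay leaves the
# session open for that many seconds after the screen goes dark.
screen_lock_ok() {
    [ "$1" = "1" ] && [ "${2:-0}" = "0" ]
}

# Prints one line per check with its remediation. Returns the number of failed
# checks so the function can drive a larger audit.
report() {
    user="$1"; ask="$2"; delay="$3"; failures=0
    if autologin_enabled "$user"; then
        echo "FAIL automatic login is enabled for '$user'"
        echo "     fix: sudo defaults delete /Library/Preferences/com.apple.loginwindow autoLoginUser"
        echo "          sudo rm -f /etc/kcpassword   # obfuscated copy of the password kept for auto-login"
        failures=$((failures + 1))
    else
        echo "OK   automatic login is disabled"
    fi
    if screen_lock_ok "$ask" "$delay"; then
        echo "OK   password required immediately after sleep or screensaver"
    else
        echo "FAIL no immediate password prompt after sleep or screensaver (askForPassword=${ask:-unset}, askForPasswordDelay=${delay:-unset})"
        echo "     fix: defaults write com.apple.screensaver askForPassword -int 1"
        echo "          defaults write com.apple.screensaver askForPasswordDelay -int 0"
        failures=$((failures + 1))
    fi
    # Keychain: security(1) prompts interactively, so only the command is printed.
    echo "NOTE give the login keychain a password different from the account password:"
    echo "     security set-keychain-password ~/Library/Keychains/login.keychain"
    return $failures
}

# Live audit on a Mac. defaults(1) prints nothing on stdout and exits non-zero
# for a missing key, so a missing key reads as an empty value here.
audit_live() {
    user=$(defaults read /Library/Preferences/com.apple.loginwindow autoLoginUser 2>/dev/null)
    ask=$(defaults read com.apple.screensaver askForPassword 2>/dev/null)
    delay=$(defaults read com.apple.screensaver askForPasswordDelay 2>/dev/null)
    report "$user" "$ask" "$delay"
}

# Run the live audit only when invoked as this script on a system that has defaults(1).
if [ "${0##*/}" = "audit_lion_login.sh" ] && command -v defaults >/dev/null 2>&1; then
    audit_live
fi
```

Run it as `sh audit_lion_login.sh` on the Mac in question; the exit status is the number of failed checks. The keychain step is only printed because `security set-keychain-password` asks for the old and new passwords interactively, and the remediation commands are printed rather than executed so the script can be run read-only by someone reviewing a shared machine before deciding what to change.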

There are no reports of this vulnerability being exploited in the wild.

Moving on, the Skype iOS app is affected by a vulnerability (an XSS bug combined with an incorrect WebKit setting in the app's embedded web view) that could grant an attacker access to files stored on the iOS-powered device. Security researcher Phil Purviance of AppSec found that by injecting JavaScript that ran inside the app's web view, an attacker could read the user's entire address book and send it off the device. Skype confirmed the vulnerability and said it is working on a fix.
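The XSS half of the Skype bug, reduced to the smallest renderer that exhibits it, as an added example that is not code from Skype or from the researcher's report. It builds a chat message's HTML from an untrusted sender field; which field Skype actually used, and how the stolen data left the device, are assumptions here, and the constructed attacker name only marks where attacker script would run. The second half of the bug, the web view being allowed to read local files such as the address book, is what turns script execution into data theft and has to be fixed separately in the web view's settings; encoding output closes the injection regardless.

```javascript
// Added example, not Skype's code: a chat renderer that builds HTML from an
// untrusted sender display name, in its vulnerable and hardened forms.
// The field name, the payload and the exfiltration path are assumptions.

// Vulnerable: untrusted strings are concatenated straight into markup, so a
// display name containing a tag becomes part of the page and its script runs.
function renderMessageUnsafe(displayName, text) {
  return '<div class="msg"><b>' + displayName + '</b>: ' + text + '</div>';
}

// Hardened: encode the five characters that can change HTML context before
// the strings touch the markup. This covers element content and quoted
// attribute values; URL and JavaScript contexts need their own encoders.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

function renderMessageSafe(displayName, text) {
  return '<div class="msg"><b>' + escapeHtml(displayName) + '</b>: ' + escapeHtml(text) + '</div>';
}

// Constructed attacker display name. In the real attack the injected script
// would read a local file over file:// and POST it to the attacker's server;
// here the body is a comment standing in for that code.
const ATTACKER_NAME = '<script>/* read local file, POST to attacker */</script>';

// Lists the tag names in a rendered message, in document order, so a check can
// confirm that the only tags present are the template's own <div> and <b>.
function tagNames(html) {
  return (html.match(/<\/?[A-Za-z][^\s\/>]*/g) || [])
    .map((t) => t.replace(/^<\/?/, '').toLowerCase());
}

// True when the rendered output contains exactly the template's tags and
// nothing the sender supplied.
function onlyTemplateTags(html) {
  return tagNames(html).join(',') === 'div,b,b,div';
}

// Stand-alone demonstration.
console.log('unsafe:', renderMessageUnsafe(ATTACKER_NAME, 'hi'));
console.log('safe:  ', renderMessageSafe(ATTACKER_NAME, 'hi'));
console.log('unsafe output limited to template tags?', onlyTemplateTags(renderMessageUnsafe(ATTACKER_NAME, 'hi')));
console.log('safe output limited to template tags?  ', onlyTemplateTags(renderMessageSafe(ATTACKER_NAME, 'hi')));
```

The `onlyTemplateTags` check is the kind of assertion worth keeping in a renderer's test suite: it fails the moment any code path lets sender-controlled markup through, whichever field it arrives in. Note that `escapeHtml` is not a substitute for locking down the web view; even a fully encoded page gives no protection if some other content source is still allowed to run script with file access.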
