OS X Lion Plagued by Password Vulnerability, Skype iOS App by XSS Vulnerability
Article by George Norman
On 21 Sep 2011
It would seem that changing someone’s password is not a very difficult thing if that someone is on Mac OS X 10.7 Lion, the eighth major release of the Mac OS X operating system. Patrick Dunstan, author of the Defence in Depth blog, uncovered that someone with physical access to a Lion-powered Mac can, using a Terminal command, change the currently logged-in user's password without knowing the existing password. The logged-in user, or any other user on Lion, would not know that his password was changed until he tried to log in.

The good news is that the Terminal command needed to change the password is not something that a regular user is familiar with. The other good news is that even if the user knows the terminal command, he needs physical access to the Lion-powered Mac.


Security company Intego advises that you take a few precautionary measures, especially if you share your Mac with others. Here are the precautions in question:
- Disable automatic login. This means that every time you start your Mac up, you will need to type in your password. It can be a bit of a bother, but it’s better from a security point of view.
- Set it up so that Lion will prompt you for a password after sleep or after the screensaver begins.
- Use a different password for your keychain.

Security company Sophos adds the following advice:
- Do not use a password that can be compromised by brute force attacks.
- Do not leave your Mac logged in and unattended. Lock the screen when you leave your Mac.

There are no reports of this vulnerability being exploited in the wild.

Moving on, the Skype iOS app is plagued by a vulnerability (an XSS bug combined with an incorrect WebKit setting) that could grant an attacker access to files stored on the iOS-powered device. Security researcher Phil Purviance of AppSec found out that by exploiting JavaScript code, an attacker could steal the user’s entire address book. Skype confirmed the vulnerability and said it is working hard on a fix.

Tags: Apple, Mac OS X, Lion, Skype, iOS, Security
About the author: George Norman
George is a news editor.