
Lion security flaw makes cracking, changing passwords easier !!!!!

Lion security flaw makes cracking, changing passwords easier


According to researcher Patrick Dunstan, Directory Services' command line utility can be run by any user. By itself, this isn't necessarily a security problem, but at least two functions make it trivial to access user password hashes or even change the current user's password without administrator authentication.
 
Not to worry, I bet the next security update will fix it.
 
There was a Security Update last week, and as Apple do not release update details, who knows?
 
That and 10.7.2 is just around the corner.
 
OP
TattooedMac
Yes yes I know, I just thought (I did anyways) it would be an interesting read as to where and how the hole was/is . . . .
Is the 10.7.2 GM available to developers as yet or still in the Beta ??
 

dtravis7


It was interesting. Thanks for posting. Not sure on 10.7.2.
 
I read the article, it is something to be concerned about. One has to wonder if this flaw also exists in earlier versions of OSX?

I am also a little concerned about the fact that nowhere did they mention that Apple was notified of this... They say until Apple can secure it - but usually when a security flaw has been found, the article that describes the flaw almost always made clear that Apple has been made aware of the issue - this was not the case in this article, which makes me wonder - was Apple notified? If not, why (perhaps to get some publicized recognition for the "researcher")?
 
This assumes 2 things:

1) "If a remote user can gain shell access". Meaning your computer has been left unsecured despite all other security protections built in. It also means you have managed to do something to make yourself a target. Fair enough, but a fairly big "IF" IMO.

2) The person has physical access to your computer, in which case you managed to lose it somehow. This is probably the bigger of the two threats, frankly anyone who knows anything about OSX can steal your computer and change the password, it's not rocket science.

In the end, while it is a flaw and does need to be fixed, I won't be getting my panties all bunched up over it.
 
OP
TattooedMac
I am also a little concerned about the fact that nowhere did they mention that Apple was notified of this... They say until Apple can secure it - but usually when a security flaw has been found, the article that describes the flaw almost always made clear that Apple has been made aware of the issue - this was not the case in this article, which makes me wonder - was Apple notified? If not, why (perhaps to get some publicized recognition for the "researcher")?

That's a good point and one that I overlooked. Will be interesting to see if they push through the X.7.2 GM or will they knock up a patch specifically for the security issue. As usual we can only wait until  decide to pull their finger out.

Cheers
 
