Tuesday, 20 September 2011

Rotten Apple?

I was surprised by the news that an attacker can potentially change a user's password on Apple's OS X Lion without knowing the owner's existing credentials - after all, the OS X is "[b]uilt on a rock-solid UNIX foundation", so system changes must require password authorization, right?

Apparently not!

I don't expect this to be a widespread exploit, not least because an attacker needs access to the machine while the owner is logged-on and Apple users are protected by a relatively low market share; but it beggars belief that Apple could drop such a clanger.

Sources & References:

No comments:

Post a Comment