I was surprised by the news that an attacker can potentially change a user's password on Apple's OS X Lion without knowing the owner's existing credentials - after all, OS X is "[b]uilt on a rock-solid UNIX foundation", so system changes must require password authorization, right?
I don't expect this to be a widespread exploit, not least because an attacker needs access to the machine while the owner is logged on and Apple users are protected by a relatively low market share; but it beggars belief that Apple could drop such a clanger.
Sources & References:
- The Register: Apple makes a hash of password security (again)
- Apple: OS X Lion