
Mac OS X Lion flaw gives attackers the opportunity to change a victim’s password

By Gina on September 23, 2011

A vulnerability in one of Mac OS X Lion’s command-line utilities makes it easier for an attacker to change a user’s password without knowing the real one.

The command-line program dscl is a multi-purpose utility for interacting with Directory Services nodes. It appears that it can also be used maliciously, to change a user’s password without knowing the current one.

However, the attacker needs physical access to a computer where the targeted account is logged in, or remote access to the account. It is confirmed that the password may be changed without knowing the real one; however, it can’t be changed for several accounts using the same machine. It is worth knowing that if the currently logged-in account has administrator privileges, changing its password essentially gives the attacker elevated privileges on your Mac.

Furthermore, Apple has not commented on this vulnerability in any way, and Mac users are still unclear about what to do about the flaw and how to protect their computers. While waiting for an update that patches the flaw, avoid clicking on unknown links and advertisements, downloading less reliable programs, or visiting suspicious websites.
