CNet reports today that there has been an exploit found whereby any user with physical user access to a machine with MacOS X Lion installed can alter the password of an administrator account even if the account does NOT have administrator privileges. For more on this, follow the link: http://reviews.cnet.com/8301-13727_...n-passwords-can-be-changed-by-any-local-user/ Thoughts? To me this is an epic security fail on Apple's part. There's no reports that this exploit is repeatable on older MacOS X versions. So at least my Macbook is safer ... for now lol. deltatux
There are reports on security on Macs every time a new version comes out. Mac isn't perfect, but there isn't a perfect system out there.
While it is true that there's no perfect system and that everything is breakable but this is really fail, people entrust that the operating system creator would create a security system that can't be broken by something this simple. Hopefully Apple will fix this soon as this is a gaping hole in its security. deltatux
lol, that wasn't my intention. Should that have been my intention then I would have gone out of my way to point out that every operating system ever conceived is flawed. However, I would've expected Apple to be better than this and have not designed the system so that it could so easily get breached. Like seriously, didn't any Apple software engineers check this before they published it? Like my prof said this morning ... obscurity is NOT security. deltatux
Give me 30 seconds with PHYSICAL ACCESS to any machine and I can get the Administrator password or root password and give access to other accounts. Windows, Linux or Mac. It's a very very specific flaw, so you need that physical access. There are utilities out there that can give you access to a system by patching the windows kernel or Linux kernel on the fly allowing you to log directly into the machine. So it's pretty stupid to be complaining about this, or any other flaw that requires physical access.
Can happen to anyone. This. Room mate doesnt have Lion, has one of those new Sandy i5 macbooks, havent upgraded to Lion yet. I'll check if it works with older OSX versions
I'm not an apple fanboy(far from it actually, don't own a single Apple device) but I have to agree here. It's just as easy, if not easier, to change the admin password on a Windows XP, Vista or Win7 machine if you have physical access to it. This is blown way outta proportion