Any user on the system can modify the passwords of other local accounts
Unfortunately, recent discoveries have shown that in OS X Lion this security structure is not intact, and any user on the system can modify the passwords of other local accounts quite easily. The problem at hand appears to be because of a permissions oversight that allows all users search access to the system's directory services.
Please note: This problem only appears to be a risk if your system is accessed directly by a hacker who has the ability to log in and access the directory services with a tool that can modify the directory services' settings. Setting up a more restrictive environment for accounts on the system should be enough to prevent this latest flaw from being taken advantage of until Apple releases a patch to fix the problem.
Refer here to read more details on CNET.
No comments:
Post a Comment