
Software Exploits Mac OS X Lion Login Passwords Vulnerability

Source: Passware

Apple's operating systems still enjoy a perception of strong security despite the fact that vulnerabilities for both iOS and Mac OS X are discovered on a continuous basis and Apple's pace of providing patches is rather unpredictable.

Mac OS X Lion is no exception: we are hearing that login passwords stored in system memory, even when the computer is in sleep mode or locked, are used to gain possibly unauthorized access to a system.

Passware said that a new version of its software, Passware Kit Forensic V11, can retrieve passwords from a Mac OS X Lion computer in a few minutes. The software reads the contents of system memory via FireWire. According to Passware, the password can easily be extracted regardless of password strength. "Long touted as a stable and secure operating system, Mac users are cautioned that the newest operating system has a potential vulnerability that enables password extraction from devices running Mac OS Lion," said Passware president Dmitry Sumin in a statement.

The recommendation to protect yourself from this vulnerability is to simply turn your Mac off and not let it sit in sleep mode on your desk - which seems to be rather common sense. If there is critical and sensitive content on your Mac, you just don't let it sit running in a location where others can easily access it while you are away.

Top Comments
  • 30
    WyomingKnott , July 27, 2011 5:13 PM
    "The recommendation to protect yourself from this vulnerability is to simply turn your Mac off and..." leave it that way.
  • 23
    Anonymous , July 27, 2011 5:15 PM
    Over Firewire? This means the attacker needs physical access. Every System Administrator on the planet can tell you that there is no security if the attacker has physical access to the system.
  • 18
    Jerky_san , July 27, 2011 4:51 PM
    Guess you'll be iScrewed if someone uses this on you and "plays a joke" later...
Other Comments
  • 4
    GreaseMonkey_62 , July 27, 2011 5:17 PM
    Anyone else find it funny?
  • 11
    amk-aka-Phantom , July 27, 2011 5:34 PM
    Nothing surprising. It's a well-known fact that the supposed invulnerability of Mac OS is just a myth - it's more like no one really bothered with it due to low percentage of Mac OS users. More Mac OS users - more attention from the malware. Though, in the last two years the malware stuff eased off from all OSs... or is it just me? ;) 
  • -2
    leo2kp , July 27, 2011 5:35 PM
    lol.
  • 2
    Jath , July 27, 2011 5:57 PM
    So, just a question, since I'm not familiar with Macs at all. Does Mac OS X run on the Macbooks? Because it would be ironic that the 'gain access to the system' vulnerability that's needed for that battery problem just suddenly 'appeared'.
  • 5
    mobrocket , July 27, 2011 6:00 PM
    if this is the case, just steal the whole mac and sell it to some iMoron for 4x the cost of a normal PC...
  • 3
    ivan_chess , July 27, 2011 6:00 PM
    PatAugustine: Over Firewire? This means the attacker needs physical access. Every System Administrator on the planet can tell you that there is no security if the attacker has physical access to the system.


    Public computer labs or school computers are easy to get to. That would be a treasure trove of passwords.
  • -1
    Anonymous , July 27, 2011 6:16 PM
    This same software is available for windows! No OS is secure. I like how this article doesn't mention that this same software has been available since windows launch.
  • 12
    Yuka , July 27, 2011 6:40 PM
    Paul II: This same software is available for windows! No OS is secure. I like how this article doesn't mention that this same software has been available since windows launch.


    But we all know that Microsoft actually gives out patches right away and accepts that there are vulnerabilities at least. It's not the factual issue we laugh at, it's from the attitude Apple has towards its "ecosystem". There is no fun in losing your password to a script kiddie thanks to the OS maker being irresponsible to deliver patches ASAP for (known) vulnerabilities.

    Cheers!
  • 7
    jackbling , July 27, 2011 6:44 PM
    Paul II: This same software is available for windows! No OS is secure. I like how this article doesn't mention that this same software has been available since windows launch.


    the program pulls the pass from hash tables, every system is vulnerable to this once local access is gained. What makes this news, is that an unsecured firewire port can be used while the system is in hibernate mode to read the tables loaded in the memory, skipping that standard, gain local access step.
  • 1
    Khimera2000 , July 27, 2011 6:54 PM
    that didn't take long...

    happy its not me, funny because apple didn't announce it just like the last major security risk, and sad that apple made it so easy to compromise so much users.

    odd question does this effect boot camp in any way?
  • -4
    Anonymous , July 27, 2011 7:04 PM
    @Khimera2000: how exactly does this "compromise so much users"? (nice Engrish, btw) You need PHYSICAL ACCESS to the machine in order to pull this off - anybody who really wants your data at that point can just STEAL the thing...
  • 6
    applegetsmelaid , July 27, 2011 7:12 PM
    Mac user response: "LA LA LA LA LA" with their fingers in their ears.
  • 0
    nebun , July 27, 2011 7:20 PM
    in order for this to work, someone needs to physically touch your computer....no one is touching my laptop....problem fixed
  • 5
    cyprod , July 27, 2011 7:20 PM
    ummm, to the people saying "if you have local access blah blah blah", have any of you ever heard of this thing called drive encryption?

    Let me explain since you apple zealots need excuses for everything as to why any flaw with what the divine Jobs produces under his eye. On my windows box, if I leave the computer locked, someone could come and take the computer, but they wouldn't be able to unlock it without the password. Additionally, since I encrypt my hard drive, without the password, even direct access to the hard drive doesn't help with getting the data. With this, it sounds as if a user in an idle state, i.e. system locked but running, another person can plug something in and extract the passwords, thus enabling them to un-encrypt the data and gain full access. Do you see the problem? This would also then allow a malicious person to then, say, hypothetically, install keyloggers and such to gain other information. You people think way too much in the consumer world where someone stealing your stuff is the biggest worry and never consider the much bigger threat of compromised systems.

    This apparently doesn't affect other platforms because though you can extract the passwords from memory, you need to be logged in to do it as they won't autorun a device if nobody is logged in, which apparently is not the case in apple land. I will admit this is conjecture as I'm not intimately familiar with the vulnerability, but this appears to be what's going on.
  • -2
    ap3x , July 27, 2011 7:22 PM
    Khimera2000: that didn't take long... happy its not me, funny because apple didn't announce it just like the last major security risk, and sad that apple made it so easy to compromise so much users. odd question does this effect boot camp in any way?


    There is no need to announce it, it is not a vulnerability. You can download BartPE cd and reset all versions of windows for free. You can boot most flavors of Unix into single user mode and reset their passwords for free. Hell you can copy the passwd and the shadow files and get all the username and group permission information as well. There are thousands of tools out there to crack windows hash information. The only way to stop it is to have a password that is 13+ characters or more and Windows will not store the hash in the registry. How many people here have that kind of password? Zero..

    No computer is bullet proof and no computer is secure when physical access is there.

    Out of the box no commercial OS is hardened. That is because they have to allow you to configure what services you want to use. Linux is actually one of the worst in that regard. Windows 7 has done a fairly good job but Lion is rock solid. What makes a difference in security between unix type and Windows type OS's is the fact that you have access all the way down to the kernel in Unix OS's so you can harden the hell out of the OS because you have more control.

    These days we have some really solid OS options. Windows 7, OSX Lion, Linux have really grown up. Apple happens to have obscurity on their side because they have and probably will have the minority users for the foreseeable future whereas Windows is entrenched everywhere and as such OSX is much more secure and apple is free to shore things up because the floodgates open.

    Nothing is bullet proof with physical access, nothing at all. This article is just biased.

    Oh and Boot Camp just provides a way to dual boot between OSX and Windows. It is not directly affected but the same methods apply to break into any OS you install on a Mac or PC dual boot or not.
  • 1
    applegetsmelaid , July 27, 2011 7:28 PM


  • 4
    aracheb , July 27, 2011 7:32 PM
    engrishforeverybody: @Khimera2000: how exactly does this "compromise so much users"? (nice Engrish, btw) You need PHYSICAL ACCESS to the machine in order to pull this off - anybody who really wants your data at that point can just STEAL the thing...

    you know that you can emulate a device easy right?
    and with so much vulnerability that Mac OS has, installing ghost drivers and emulating a virtual fire wire port you have full access... (it is memory access in the code) and memory access can be emulated easy. Don't try to protect a vulnerability with your level of intellect about technology dude. He might not have a good level of English but your level of technology knowledge is nonexistent.