Software Exploits Mac OS X Lion Login Passwords Vulnerability
Apple's operating systems still enjoy a perception of strong security despite the fact that vulnerabilities for both iOS and Mac OS X are discovered on a continuous basis and Apple's pace of providing patches is rather unpredictable.
Mac OS X Lion is not an exception and we are hearing that login passwords that are stored in the system memory, even when the computer is in sleep mode or locked, are used to get possibly unauthorized access to a system.
Passware said that a new version of its Passware Kit Forensic V11 can retrieve passwords from a Mac OS X Lion computer in a few minutes. The software uses the content that is stored in the system memory and reads it via Firewire. According to Passware, the password can easily be extracted regardless of password strength. "Long touted as a stable and secure operating system, Mac users are cautioned that the newest operating system has a potential vulnerability that enables password extraction from devices running Mac OS Lion," said Passware president Dmitry Sumin in a statement.
The recommendation to protect yourself from this vulnerability is to simply turn your Mac off and not let it sit in sleep mode on your desk - which seems to be rather common sense. If there is critical and sensitive content on your Mac, you just don't let it sit running in a location where others can easily access it while you are away.
Stay On the Cutting Edge: Get the Tom's Hardware Newsletter
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
-
WyomingKnott "The recommendation to protect yourself from this vulnerability is to simply turn your Mac off and..." leave it that way.Reply -
Over Firewire? This means the attacker needs physical access. Every System Administrator on the planet can tell you that there is no security if the attacker has physical access to the system.Reply
-
amk-aka-Phantom Nothing surprising. It's a well-known fact that the supposed invulnerability of Mac OS is just a myth - it's more like no one really bothered with it due to low percentage of Mac OS users. More Mac OS users - more attention from the malware. Though, in the last two years the malware stuff eased off from all OSs... or is it just me? ;)Reply -
Jath So, just a question, since I'm not familiar with Macs at all. Does Mac OS X run on the Macbooks? Because it would be ironic that the 'gain access to the system' vulnerability that's needed for that battery problem just suddenly 'appeared'.Reply -
mobrocket if this is the case, just steal the whole mac and sell it to some iMoron for 4x the cost of a normal PC...Reply -
ivan_chess PatAugustineOver Firewire? This means the attacker needs physical access. Every System Administrator on the planet can tell you that there is no security if the attacker has physical access to the system.Reply
Public computer labs or school computers are easy to get to. That would be a treasure trove of passwords. -
This same software is available for windows! No OS is secure. I like how this article doesn't mention that this same software has been available since windows launch.Reply