Software Exploits Mac OS X Lion Login Passwords Vulnerability

News
By Douglas Perry
published

Apple's operating systems still enjoy a perception of strong security despite the fact that vulnerabilities for both iOS and Mac OS X are discovered on a continuous basis and Apple's pace of providing patches is rather unpredictable.

Mac OS X Lion is not an exception and we are hearing that login passwords that are stored in the system memory, even when the computer is in sleep mode or locked, are used to get possibly unauthorized access to a system.

Passware said that a new version of its Passware Kit Forensic V11 can retrieve passwords from a Mac OS X Lion computer in a few minutes. The software uses the content that is stored in the system memory and reads it via Firewire. According to Passware, the password can easily be extracted regardless of password strength. "Long touted as a stable and secure operating system, Mac users are cautioned that the newest operating system has a potential vulnerability that enables password extraction from devices running Mac OS Lion," said Passware president Dmitry Sumin in a statement.

The recommendation to protect yourself from this vulnerability is to simply turn your Mac off and not let it sit in sleep mode on your desk - which seems to be rather common sense. If there is critical and sensitive content on your Mac, you just don't let it sit running in a location where others can easily access it while you are away.

Douglas Perry
39 Comments Comment from the forums
  • Jerky_san
    Guess you'll be iScrewed if someone uses this on you and "plays a joke" later...
    Reply
  • WyomingKnott
    "The recommendation to protect yourself from this vulnerability is to simply turn your Mac off and..." leave it that way.
    Reply
  • Over Firewire? This means the attacker needs physical access. Every System Administrator on the planet can tell you that there is no security if the attacker has physical access to the system.
    Reply
  • GreaseMonkey_62
    Anyone else find it funny?
    Reply
  • amk-aka-Phantom
    Nothing surprising. It's a well-known fact that the supposed invulnerability of Mac OS is just a myth - it's more like no one really bothered with it due to low percentage of Mac OS users. More Mac OS users - more attention from the malware. Though, in the last two years the malware stuff eased off from all OSs... or is it just me? ;)
    Reply
  • leo2kp
    lol.
    Reply
  • Jath
    So, just a question, since I'm not familiar with Macs at all. Does Mac OS X run on the Macbooks? Because it would be ironic that the 'gain access to the system' vulnerability that's needed for that battery problem just suddenly 'appeared'.
    Reply
  • mobrocket
    if this is the case, just steal the whole mac and sell it to some iMoron for 4x the cost of a normal PC...
    Reply
  • ivan_chess
    PatAugustineOver Firewire? This means the attacker needs physical access. Every System Administrator on the planet can tell you that there is no security if the attacker has physical access to the system.
    Public computer labs or school computers are easy to get to. That would be a treasure trove of passwords.
    Reply
  • This same software is available for windows! No OS is secure. I like how this article doesn't mention that this same software has been available since windows launch.
    Reply