Security researcher Patrick Dunstan has released his findings on Apple's latest operating system, OS X 10.7, aka Lion, and it doesn't look good. He found that, given physical access, a nefarious person could recover administrator passwords, or even change those passwords, without any special privileges.
Here's how password security is supposed to work on a Mac: passwords are stored in "shadow files" which are buried deep in the system's file structure and are only accessible to someone logged in with an administrator password. Dunstan's research has shown, however, that in the new version of the operating system these files can be accessed by any user and the passwords extracted. More troubling is his discovery that, with a little prodding, someone with access to the computer's Terminal command line app can change the administrator's password themselves.