Great. Trivial hack gives any Lion user admin access

Summary: A security blog has posted a relatively simple way to crack Lion passwords - even from non-admin accounts.


Just when you thought it was safe to go on the prowl with Lion, it turns out that it could actually turn against you and m... ok, enough with the Lion metaphors.

There's a new and potentially nasty vulnerability in Apple's Mac OS X Lion -- the company's exclusively-Internet-distributed major OS upgrade. It turns out that Apple should probably have put a few more QA engineers on the product.

On Sunday night, the security blog "Defence in Depth" wrote that it's trivial to crack Lion passwords -- even from non-admin accounts.

In late 2009, the security blog "Defence in Depth" covered a method for cracking OS X passwords where users could extract the password hash for other users on the system; however, doing this ultimately required admin privileges. The post outlined that, technically, on systems prior to OS X 10.7 user passwords could be extracted, but this ultimately could only be done by people with administrative passwords. Recently the blog outlined the new findings in Lion, where this can now be done by non-admin users.

Tip of the hat to Topher Kessler (one of my countrymen at CNET) for uncovering this new Lion threat.

Apple, you're on the clock.

Topics: Apple, Operating Systems, Security, Software

  • RE: Great. Trivial hack gives any Lion user admin access

    Until when is Apple going to lie to poor users who think that OS X is the most secure system of all, despite the fact that very often we are reading about different security flaws ...
    • I haven't built an OS...

      so if you have and yours was perfect, you might have some grounds for picking at flaws of a complex design. You have a lesser tally of flaws in Windows, with the same time in market? Most people are savvy enough to wait on major upgrades anyway. Cheers
  • RE: Great. Trivial hack gives any Lion user admin access

    Blame it on Microsoft!
  • RE: Great. Trivial hack gives any Lion user admin access

    I recall an article here recently about holding off on upgrading to Lion in the enterprise... seems as if the author was on to something.
  • RE: Great. Trivial hack gives any Lion user admin access

    Apparently this doesn't work. Unless you have access to the machine AND you know the old password. Funny your countryman didn't mention that.
    • RE: Great. Trivial hack gives any Lion user admin access

      @CowLauncher OK.....It is a PC, not a server. Access to the machine is trivial. And, it is any password. If the machine has 10 accounts, you can hack the other 9.
      Your Non Advocate
      • OS X was never designed to be a networked multi-user OS

        MacOS is a single user, non networked OS with a bunch of patches and bandaids and security added on as an afterthought. That is why knowing 1 password on an OS X box is enough to get access to any other password on OS X.

        Apple makes great hardware but their software is truly terrible.
      • RE: Great. Trivial hack gives any Lion user admin access


        Their software is ancient. Mac OS X hasn't been fundamentally modified in at least a century.
        The one and only, Cylon Centurion
      • Where do you get this stuff?


        For the sake of folks who might otherwise be confused by your post, the OLD MacOS (pre-OSX) was a single-user OS ... but it actually was designed with networking from the start (AppleTalk). In fact, to the best of my knowledge, it was the first desktop computer with true built-in networking (beyond a dial-up modem). Of course, since it had no underlying command-line interface, it was virtually impossible to hack -- you couldn't send it commands.

        OS X, on the other hand, is built on BSD Unix, which is one of the longest-running variants of Unix and has had TCP/IP networking baked in since at least 1983 and was actually used widely by the US Government, military and colleges and universities for building out the ARPANET (that thing we call the internet, today). But obviously the three decades of history that proves that OS X is actually a networked OS is incorrect. They just haven't updated the historical records yet to set things straight.

        Were I to be petty at this point, I might ask: And what role did Windows have in building out the internet? But since Windows didn't even exist in the mid-80s, that would be silly of me to ask such a question. It would be even more silly, since Windows didn't even come with TCP/IP built-in until Win3.1 in 1992.

        Ohh ... I get it! YOU were the one who was confused, because history clearly shows that it was actually MS-DOS and Windows that were designed as single-user, non-networked desktop systems. Never mind.
      • Get your facts right please...

        @toddybottom: MacOS 9 WAS a single user, non networked OS, based on an antiquated architecture.

        MacOS X (10) is a derivative from NeXT Operating System, created on top of the Mach microkernel, with true BSD sockets and an enterprise class Object Oriented architecture.

        That's the reason you don't see stack overflows on Mac OS and that's also the reason the system is quite bullet proof.

        On the other hand, having terminal access to ANY system opens lots of attack vectors, but those aren't the problem. The real problems are fly-bys and document macro trojans, since you don't know what happened until it's too late.

        So next, get your facts right before you speak.
      • cosuna: Yes. Bulletproof.


        "but those aren't the problem"

        Of course they aren't.
        "These aren't the massive security vulnerabilities you are looking for."
    • RE: Great. Trivial hack gives any Lion user admin access


      Several people in the comments under the original story have stated that it worked for them, others say it didn't.

      AFAIAC, if it works for one person, that's too much.

      How long will it take for some devious miscreant to weaponize it and release it while Apple ignores, denies, then ultimately patches it?

      What's the over/under on the # of days before the Apple patch is released? I'm setting the line at 7.

      - Jason
      Jason D. O'Grady
  • Switch to Windows

    OS X is terrible.
  • RE: Great. Trivial hack gives any Lion user admin access

    Quick! Someone grab the Mac Defender source code and have fun! It'll be weeks before Apple admits to this flaw and days after that till they fix it!
    The one and only, Cylon Centurion