A flaw in Apple's Mac OS X Lion could allow hackers to change passwords, says security researchers.
According to the Defense in Depth the operating system stores password in Shadow files, which can only be accessed by a high-privilege user such as an administrator. However, unlike previous versions of Mac OS X, Lion gives non-privileged users the ability to view the pass hash. Hackers could then subsequently change the passwords themselves as the "Directory Services in Lion no longer requires authentication when requesting a password change for the current user".
"Due to Lion's relatively short time on the market, I am yet to find any of the major crackers supporting OS X Lion hashes ," said Patrick Dunstan on the blog adding that hackers don't need to "crack hashes when you can just change the password directly!"
"Whilst the ability to change the currently active user's password is not a privilege escalation flaw per se, it can under some circumstances be used for these purposes."
According to Chester Wisniewski from ssecurity firm Sophos www.sophos.co.uk the flaw is particularly dangerous for those using Apple's new FileVault 2 disk encryption.
"If your Mac were left unlocked and someone changed your password you would no longer be able to boot your computer and potentially would lose access to all of your data," he said on a blog.
Wisniewski advised those affected to disable automatic log-on and never leave a machine logged-in and unattended. Furthermore, Mac OS X Lion users should also use the Keychain lock to secure a screen and enable the screensaver, setting it to prompt users for a password.