iTnews
  • Home
  • News
  • Technology
  • Security

Adelaide Uni researcher reveals Apple password flaw

By Darren Pauli
Sep 26 2011 10:30AM
Follow google news

Lion passwords can be cracked or changed.

An Adelaide security researcher has blown the lid on an explosive Apple OS Lion flaw that allows passwords to be accessed and changed by anyone.

Adelaide Uni researcher reveals Apple password flaw

The flaw exists in the way passwords are stored and accessed as encrypted shadow files.

These files are accessible due to flaws in the file permission structure that is designed to allow only authorised local users and administrators access to the shadow files.

But the oversight allows anyone to skirt the permissions by looking up password hashes for all users that were stored in directory services.

Passwords can then be brute forced, or simply changed.

Security researcher Patrick Dunstan, a senior security information specialist at the University of Adelaide revealed on his Defence in Depth blog that the flaw allows OS X user password hashes and salts to be parsed.

“It appears in the redesign of OS X Lion's authentication scheme a critical step has been overlooked,” Dunstan said.

“So for all modern OS X platforms (Tiger, Leopard, Snow Leopard and Lion) each user has their own shadow file (hash database) whose data is accessible only by the root user… or at least it should be.

“Obtain the user's GeneratedUID and then use that ID to extract hashes from a specific user's shadow file.”

The holes go beyond vulnerabilities revealed by Dunstan in 2009 that allowed passwords to be cracked only via administrative accounts on pre- OS X 10.7 systems.

Dunstan created a Python script to assist in cracking the SHA512 + 4-byte salt OS X Lion hashes.

He said users can mitigate the attacks by limiting standard access to the command line DSCL utility using:

$ sudo chmod 100 /usr/bin/dscl

Sophos senior consultant Chester Wisniewski recommened users change passwords, enable a screensaver password prompt, and disable automatic logon.

He said the capability to change passwords was "particularly dangerous" if Apple's FileVault 2 disk encryption was used.

"If your Mac were left unlocked and someone changed your password, you would no longer be able to boot your computer and potentially would lose access to all of your data."

More information is available on Dunstan's blog.

Add iTnews as your trusted source

Add iTnews As Your Trusted Source Add iTnews As Your Trusted Source
Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:
appleexploitshackingmacos xpasswordssecurityvulnerabilities

Related Articles

  • Anthropic pulls Mythos-class models globally Anthropic pulls Mythos-class models globally
  • AudiA6 crypto launderers arrested, network taken down by police AudiA6 crypto launderers arrested, network taken down by police
  • US charges suspected Russian hacker with facilitating cyber campaign US charges suspected Russian hacker with facilitating cyber campaign
  • Gov looks for upstream threat blocking by telcos, cloud operators Gov looks for upstream threat blocking by telcos, cloud operators
Join our WhatsApp Channel

Partner Content

You meet the security standard. Shame no one can see it
Promoted Content You meet the security standard. Shame no one can see it
AI is delivering business value today
Partner Content AI is delivering business value today
CommBank creates opportunities for technologists to upskill with frontier AI companies
Partner Content CommBank creates opportunities for technologists to upskill with frontier AI companies
Scalable AI solutions: secure delivery
Scalable AI solutions: secure delivery

Sponsored Whitepapers

Are Australian organisations as cyber-ready as they think?
Are Australian organisations as cyber-ready as they think?
Are New Zealand organisations as cyber-ready as they think?
Are New Zealand organisations as cyber-ready as they think?
From visibility to execution: Fixing the SaaS management gap
From visibility to execution: Fixing the SaaS management gap
When cyber risk has no clear owner: A practical guide for senior Australian business leaders
When cyber risk has no clear owner: A practical guide for senior Australian business leaders
Agile in the AI Era: why projects still fail
Agile in the AI Era: why projects still fail

Events

  • iTnews State of Security Breakfast iTnews State of Security Breakfast
  • iTnews State of Data & AI Breakfast iTnews State of Data & AI Breakfast
  • Forrester's AI Forum Sydney Forrester's AI Forum Sydney
  • The 2026 iAwards The 2026 iAwards
  • Integrate 2026 Integrate 2026
Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases
Anthropic releases Mythos-class model for public use

Anthropic releases Mythos-class model for public use
Apple bumps up security in fresh operating system releases

Apple bumps up security in fresh operating system releases
Anthropic opens Claude Mythos Preview AI program to Australia

Anthropic opens Claude Mythos Preview AI program to Australia
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.