Security Glitch Exposes OS X Account Passwords

Apple has confirmed a security glitch that, in many situations, will let someone with physical access to a Macintosh computer gain access to the password of the active user account.

The vulnerability arises out of a programming error that stores the account password in the computer's memory long after it's needed, meaning it can be retrieved and used to log into the computer and impersonate the user.

"This is a real problem and it needs to be fixed," said Jacob Appelbaum, a San Francisco-area programmer who discovered the vulnerability and reported it to Apple. He said he disagreed with the company's response: "They won't put it in the latest security update or release a security update just for this issue."


The source link is wrong. It points to an article about Facebook giving Moroccan police private user data.

Of course, the thought springs to mind that if the bad guy used another exploit to gain access to the Mac remotely, they might be able to use the above method to snag the account passwords.

...will let someone with physical access to a Macintosh computer gain access to the password...

Rule #1 of computer security: If you have access to the hardware, the system can be considered insecure.

...Of course, if someone could hijack Back to My Mac remote access, then no physical access is necessary. Or, they could develop an exploit using one of the many unpatched vulnerabilities in OS X and gain access that way. There is no hardware involved here - it is only software.

If this was about Windows and MS gave that response, the industry would be up in arms. OS security is the last thing Apple should be lax about, especially about such a ridiculous "glitch". This gaping security hole would make Goatse jealous.

I always loved passwords in OS X. When you can use any OS install disk and boot from it to reset any account's password, security is the last thing on my mind.

This is more than a "glitch". It's a stupid hole in what is supposed to be secure.

If this had been a Windows OS, people would find it so much more serious, but for Apple it's just a "glitch"!