8 years ago in the category Security Flaw: Apple Hasn’t Paid Attention To Lion’s Security?
Apple is known to be protective with their creations, that’s why they are super anti-jailbreaking, and they file lawsuits every once in a while to those they deemed have stolen their ideas. However, they also have the history to be very lax when it comes to the security of their users.
The Security Flaw
It’s not that they have intentionally overlooked security details, but sometimes, maybe because of focusing to other details, they have the tendency to overlook this aspect of their devices. Proof? Here are some cases.
Comex used a security hole within the downloading of PDF to enable JailbreakMe, the very first jailbreak to have ever jailbroken the iPad 2. Of course, that hole is now patched already with an update. This update however, only patched up that security hole regarding the downloading of PDF files. There is still yet another security hole that was left wide open – and this is what Redmond Pie used to jailbreak and bypass the update. Finally, let’s also not forget that it’s not only the iOS that has security holes, but its apps as well. The Skype app, for example, has a bug that puts its users at a high risk for security threats.
These are only a few to the long list of security threats that Apple users have to put up with. Let’s admit though that Apple is indeed working these out one by one. That’s good, but it’s still not enough given that there are more than a thousand hackers out there just waiting for the right moment we click wrongly.
This is just another security flaw like the rest. This one is not a security hole on the iOS but on the OS X, Lion. If others could attack you using outside forces like unsafe websites, or through tracking down intricate and complicated codes, this security threat is neither – which makes it more threatening.
How does it work? The Lion is so exposed that a good hacker could change your user’s password. Sure, nobody would be able to change your password as long as you always keep your Mac with you, not letting anyone else access it without permission, and by not sharing your password to others, right? Wrong.
Because of Lion’s security hole, it wouldn’t be that complicated to change your password, even if they don’t have the physical access to your Mac, and even if they don’t know the current password.
This important detail is exposed to hackers because there is a shadow file that could only be accessed by users who claim they are also the admin of the device. However, Apple still exposes some of the data stored here to non-admin users, even without them actually accessing your computer physically.
What’s worse is that it is believed that the next update to this version still has this security flaw. What can do in the meantime? Firrst, we could disable automatic logins, as automatic logins make you more at risk. Aside from that you could also enable a screensaver that would require from you a password to get your device working again. Finally, you can use a keychain lock to lock your screen.
