OS X Lion lets a hacker change your password via the dscl utility! How to fix it!

Posted: September 22, 2011 in News

We recently wrote about the dscl utility and how an OS X Lion security flaw allows anyone to change your password. The lack of required admin authentication has since been widely reported as a bug, and a small Security Update will likely be issued by Apple sometime in the near future. Nonetheless, if you’re worried about someone getting hold of your Mac and changing the user password without authorization, you can manually change the permissions of the dscl utility yourself, forcing it to require administrative privileges in order to be run.

• Launch Terminal (located at /Applications/Utilities/)
• Type the following command and hit return:
sudo chmod 100 /usr/bin/dscl

• You will be asked for the current administrative password to confirm the permissions change; enter it and hit return

This is a simple permissions fix that likely mimics what an official security update will do. Mode 100 means that only the owner (root) is able to execute the dscl command, which effectively prevents other non-admin users from running the directory services utility without using the sudo command, and thus without the administrator password.

There may be some unintended consequences of changing those permissions, but it’s unlikely to affect most users. If you do encounter problems you can always change the permissions back; the default mode appears to be 755.
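As an added example (not from the original post), here is a small POSIX shell helper that checks whether a binary such as /usr/bin/dscl is still executable by non-root users, applies the mode-100 fix from the steps above, and demonstrates the before/after on a constructed scratch file so it runs on any system. The DSCL_PATH variable and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumes a POSIX shell
# with ls, chmod and mktemp. DSCL_PATH is an assumed variable name.
DSCL_PATH="${DSCL_PATH:-/usr/bin/dscl}"

# Print the 10-character mode string of a file, e.g. -rwxr-xr-x (755).
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# Return 0 if group or "other" can execute the file (x, or s/t with x
# semantics), 1 if only the owner can. This is the condition the post
# describes: with mode 100 any non-root user is refused.
others_can_execute() {
    m=$(mode_string "$1")
    case "$m" in
        ??????[xs]*|?????????[xt]) return 0 ;;
    esac
    return 1
}

# Report the state of a binary; non-zero return means it is still open.
audit() {
    if others_can_execute "$1"; then
        echo "WARNING: $1 ($(mode_string "$1")) is executable by non-root users"
        return 1
    fi
    echo "OK: $1 ($(mode_string "$1")) is restricted to its owner"
    return 0
}

# The fix from the post: owner-execute only. Needs root on the real path.
harden() {
    chmod 100 "$1"
}

# Undo the fix: the default mode the post reports for dscl.
restore_default() {
    chmod 755 "$1"
}

# Demonstration on a constructed scratch file rather than the real dscl,
# so it is safe to run anywhere; audit the real path with: audit "$DSCL_PATH"
demo() {
    f=$(mktemp)
    chmod 755 "$f"
    audit "$f" || true      # expect WARNING: 755 lets anyone run it
    harden "$f"
    audit "$f" || true      # expect OK: 100 is owner-only
    rm -f "$f"
}
```

Run `demo` to see both states, or `audit /usr/bin/dscl` on a Mac to check whether the fix has been applied (non-zero exit means it is still world-executable).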

  1. This info is magnificent. I understand and respect your clear-cut points. I’m impressed along with your writing style and how effectively you express your thoughts.

  2. I’ve received my iPhone 4S today. Such an amazing phone! Siri is really great.

  3. Thanks for sharing your thoughts on other. Regards
