TechUK and MPs debate the future of digital Britain live: News, pictures and analysis

Feedback

Mac OS X Lion LDAP Vulnerability Emerges

SoftwareNews
, 29 Aug 2011News

New reports have shed light into the shocking ‘fact’ that the iPhone maker Apple Inc.’s latest version of the Mac OS X is plagued by some grave security risks, particularly for businesses which use it to communicate with a particular form of centralised network.

According to the reports, almost anyone who logs in to the Mac OS X 10.7, more popularly known as Lion, get instant access to restricted resources by typing in any random passwords with the help of the massively popular authentication technology LDAP.

LDAP (which stands for Lightweight Directory Access Protocol) servers, in simple words, are basically used for storing repositories of important enterprise data, mostly sensitive. Needless to say, for the same set of reasons, these servers more often than not, attract hackers who simply cannot resist the temptation of the forbidden ‘wealth’ contained by them.

“As pen testers, one of the first things we do is attack the LDAP server,” Rob Graham, CEO of auditing firm Errata Security, said in a statement, The Register reports.

“Once we own an LDAP server we own everything. I can walk up to any laptop (in an organization) and log into it,” he added.

The issue was reported on July 25th, still the OS was released without any resolution resolution for the issue. The previous update i.e. Apple's 10.7.1 update didn't have the fix either.

Topics
blog comments powered by Disqus