According to media reports, a focus on computer security field Defense Depth in a blog in OS X Lion was found on a security hole, a hacker says "although no root access user can't directly access shadow file, but Lion still provide them with browsing password hash data".
That is, the instructions of the Lion to let any other person to use a simple script to find the password of user information. Worse, a user reflect OS X Lion don't need the user input password will be able to change the current user login credentials, means that as the following instructions "DSCL input localhost-passwd/by Users/can/Roger set a new password or Roger.
Foreign security expert points out, the Lion this vulnerability is likely to be malicious hackers using to steal. Take the Mac users in the computer important information. Because they suggest the Lion should be closed automatic login function and refused to visitors logged on and enable sleep and screen saver password as preventive measures to ensure the safety of the Mac.
