A flaw was recently discovered in OS X Lion that allows any user on the Mac to extract a file containing an administrative user’s password. As with past versions of OS X, user passwords are encrypted and stored securely as “shadow files” within the computer’s hard drive. Those files can then only be accessed by that specific user, or administrators, with proper authentication. The flaw with this procedure in Lion is that these files can be accessed by any user on the Mac. So, a Standard or heavily restricted user could potentially obtain an encrypted file containing an Administrator’s password from which the password can be extracted.
The necessity of local access is what restricts this issue the most. The hacker would need to have physical access to your machine. Hopefully this goes without saying, but allowing a potentially dishonest person unsupervised physical access to your machine is never a good idea. Properly securing your Mac by turning off Automatic Login, using strong passwords (letters, numbers, and characters) and even requiring a password immediately after your system has it’s screen saver going, which can be done in the Security Preference pane, are some simple yet substantial security measures.
It is also possible for the hacker to remotely log into the Mac and grab these password files, but this would require conscious configuration on the Mac owner’s part, as well as the hacker’s knowledge of a valid username and password.
I’m confident that Apple will release a Lion Software Update soon enough to correct this issue. In the meantime, however, it is a good idea to utilize the aforementioned security steps, and always keep in mind: there’s no security like physical security.