14 DAY TRIAL // There is a Lightweight Directory Access Protocol (LDAP) vulnerability in OS X 10.7 Lion that Apple has failed to patch in OS X 10.7.1, even though the flaw had already been discovered prior to the release of the software update, security experts are reporting.
According to security experts quoted by Macnn, the LDAP flaw is a serious one, especially for enterprise users who are now advised to steer clear of Lion Macs until Apple patches the bug.
Rob Graham, CEO of Errata Security, explains “Once we own an LDAP server we own everything. I can walk up to any laptop (in an organization) and log into it.”
It appears that protocols competing with LDAP are safe, according to the report.
As noted above, the issue was discovered before Apple had launched OS X 10.7.1 publicly, which begs the question: why wasn’t the hole plugged then?
It could be that Apple simply learned about it too late, or that they didn’t consider it a priority for the first maintenance update for Lion (although the latter theory is less plausible).
Whichever the reason, the company formerly run by Steve Jobs has the Apple Developer community hard at work testing beta builds of Mac OS X 10.7.2, the second (unreleased) maintenance update for Lion.
OS X Lion Update 10.7.2 Build 11C43 asks developers to focus their testing skills on areas like AirPort, AppKit, GraphicsDrivers, iCal, iChat, Mac App Store, Mail, Spotlight and Time Machine. The build has no known issues.
Alongside this third beta of OS X 10.7.2, Apple also rolled out iCloud for OS X Lion Beta 9 and iPhoto 9.2 Beta 3.
The patch for said LDAP bug could find its way inside OS X 10.7.2 though Apple may be prompted to issue a separate security update before finishing up development on this second incremental update to Lion.