Patrick Dunstan

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions prior to 10.7.2 **Description** The issue allows local users to read the password data of arbitrary users via unspecified vectors. **Recommendations** For Apple Mac OS X versions prior to 10.7.2, update to version 10.7.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions 10.7 through 10.7.1 **Description** The issue allows remote attackers to bypass intended password-change restrictions by leveraging an unattended workstation, as the Open Directory does not require the current password to be provided before changing it. **Recommendations** For Apple Mac OS X versions 10.7 through 10.7.1, update to version 10.7.2 or later to resolve the issue.