Whoever owns a Mac should read this article “Mac OS X Lion flaw allows unauthorized password changes.” I’ve known for a long time that as long you have a physical access to Mac, you can boot into single user mode by doing a reboot and then holding down the command key + s combination, consequently allowing you or someone else who doesn’t need to know your password to become root at will. As root, you or someone can definitely change any user’s password, including the administrator’s password. Now, the flaw that the article I’d mentioned of provides an additional security flaw for Macs.
To mitigate the flaw that the article had mentioned of for Mac OS X Lion, Mac users should not create an account for strangers or allow guest account to be active, or the flaw will allow hackers to change administrator’s password at will. In addition to that, Mac users should not visit unsafe websites for now, because hackers can trick Mac users to download exploits that will exploit password change flaw — allowing hackers to change Mac users’ passwords at will when they finally have a remote backdoor to Mac machines. Lastly, it’s best for Mac users to activate Filevault 2. This way, only trusted users can unlock a Mac, and at the same time Filevault 2 protects a Mac from the security issue of having someone or a stranger to boot a Mac into single user mode, effectively disabling someone from becoming root at will.