Security blogger Patrick Dunstan has uncovered two major password security issues in Mac OS X Lion.

"He discovered Apple's developers had made user security worse in two important ways: firstly, it's possible to change the password of the current user without needing to know the original password, as Dunstan explains," writes The Register's John Leyden.

"And that isn't the only backward step," Leyden writes. "Previously only a user with root (admin) privileges to a machine was able to get at the password hashes for other users, which are held in so-called 'shadow files.' With OS X Lion this restriction is easily circumvented."

Go to "Apple makes a hash of password security (again)" to read the details.

For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.