Hi folks, this is another amazing research.
Yep, I wanna say “research” because this kind of stuff often have a bigger impact in the community then more-scientific papers.
Anyway the password discovery has been possible thank a small “EFI memory scraper” (written by William Paul) which ran from a external PC through Apple’s NeetBoot. EFI collected something like 1.25GB file where they found the administrator credential !
Here the complete link (news.com), with pictures and some not detailed explanation ! What does Apple do ? Actually nothing 🙂 According to news.com Apple has confirmed a security glitch that, in many situations, will let someone with physical access to a Macintosh computer gain access to the password of the active user account. But no security update, so far.