Lion vulnerability lets attacker change user password
A vulnerability in one of Lion's command-line utilities allows an attacker to change the password of the currently logged-in user, without supplying the existing password.
http://rss.macworld.com/click.phdo?i=beb77861d41dcf499f0e884665af78a6