Do you really think Mac OS X is safe from viruses and hacks? Well, Patrick Dunstan, famous for his article back in 2009 “Cracking Mac OS X passwords“, has found a security flaw within your Mac OS X Lion that essentially allows non-root users to easily view and extract the SHA512 hash using Directory Services (dscl command).
After getting the SHA512 hash, you can basically use your regular brute-force techniques to discover the user password. I’ve tried it out personally, so I know it works.
Interesting? Indeed. Check out his full article – Cracking OS X Lion Passwords.