A flaw in one of Mac OS X’s command-line utilities has potentially opened a route for an attacker to change a user’s password without knowing the current password. In order for this to work, the attacker needs either physical access to a computer where the target account is logged in, or needs to have remote access to the account. There are no reported incidents of this vulnerability being exploited in the wild, so the concern level for Mac users is probably not very high. Taking steps to protect yourself is a smart and, in this case, fairly easy thing to do.
Source: https://www.csoonline.com/article/2129620/lion-vulnerability-lets-attacker-change-user-password.html

