SecurityFocus

Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Jul 29 2003 09:29PM
Patrick Haruksteiner (haruk gmx at) (2 replies)

Hi there!

I discoverd another security issue with the Mac OS X screensaver.

If you have installed escapepod from Ambrosia Software and hit

crtl-alt-delete(==backspace) when the screensaver with password

protection is running, it kills the screensaver and the desktop is

open to anybody - so it has the same effect as the recently

emerged password-exploit.

I expected that there should be a forced logout, if the screensaver

dies... - but there is no such behavior...

I have allready reported this to product-security (at) apple (dot) com [email concealed], but

as usual with no reply...

Tested on this System Configuration:

Mac OS X 10.2.6 with Security Update 2003-07-14

1GB RAM

1GHZ PowerBook G4

escapepod 1.0.0d3 from http://www.ambrosiasw.com/utilities/

freebies/

--

/harp

[ reply ]

Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Aug 02 2003 08:42AM
Mark Tinberg (mtinberg securepipe com)

Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Jul 30 2003 08:07PM
Doug White (dwhite gumbysoft com) (1 replies)

Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Jul 30 2003 08:56PM
Patrick Haruksteiner (haruk gmx at) (1 replies)

Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Jul 31 2003 05:04PM
mns (mns mnslab com) (1 replies)

Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Jul 31 2003 07:08PM
Gavin Hanover (ghanover avantipress com) (1 replies)

Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Jul 31 2003 08:07PM
Brian Eckman (eckman umn edu) (1 replies)

Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Jul 31 2003 08:53PM
Fred Noltie (noltie airmail net)