|
|
BugTraq
Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Jul 29 2003 09:29PM Patrick Haruksteiner (haruk gmx at) (2 replies) Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Aug 02 2003 08:42AM Mark Tinberg (mtinberg securepipe com) |
|
Privacy Statement |
> I discoverd another security issue with the Mac OS X screensaver.
> If you have installed escapepod from Ambrosia Software and hit
> crtl-alt-delete(==backspace) when the screensaver with password
> protection is running, it kills the screensaver and the desktop is
> open to anybody - so it has the same effect as the recently
> emerged password-exploit.
This is not a bug in Apple software. This is a third party extension.
Ambrosia's Escape Pod is a utility that kills the frontmost app when the
shortcut keystroke is typed. Naturally it does not ship with MacOS X.
Since the screen saver is just another application (called
ScreenSaverEngine), if you hit the kill key when its running, it gets
killed. Fancy that!
You should really report this to Ambrosia, and ask for a feature that
inhibits the kill functionality for specific applications.
--
Doug White | FreeBSD: The Power to Serve
dwhite (at) gumbysoft (dot) com [email concealed] | www.FreeBSD.org
[ reply ]