Bugtraq mailing list archives
Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14)
From: Patrick Haruksteiner <haruk () gmx at>
Date: 29 Jul 2003 21:29:07 -0000
Hi there! I discoverd another security issue with the Mac OS X screensaver. If you have installed escapepod from Ambrosia Software and hit crtl-alt-delete(==backspace) when the screensaver with password protection is running, it kills the screensaver and the desktop is open to anybody - so it has the same effect as the recently emerged password-exploit. I expected that there should be a forced logout, if the screensaver dies... - but there is no such behavior... I have allready reported this to product-security () apple com, but as usual with no reply... Tested on this System Configuration: Mac OS X 10.2.6 with Security Update 2003-07-14 1GB RAM 1GHZ PowerBook G4 escapepod 1.0.0d3 from http://www.ambrosiasw.com/utilities/ freebies/ -- /harp
Current thread:
- Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Patrick Haruksteiner (Jul 30)
- Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Doug White (Jul 31)
- Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Patrick Haruksteiner (Jul 31)
- Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) mns (Jul 31)
- Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Gavin Hanover (Jul 31)
- Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Brian Eckman (Jul 31)
- Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Fred Noltie (Jul 31)
- Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Patrick Haruksteiner (Jul 31)
- Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Doug White (Jul 31)
- <Possible follow-ups>
- RE: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) CHRIS GRABENSTEIN (Jul 31)