Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14)

From: Patrick Haruksteiner <haruk () gmx at>
Date: Wed, 30 Jul 2003 22:56:05 +0200

On Wednesday, July 30, 2003, at 10:07 h, Doug White wrote:

On Tue, 29 Jul 2003, Patrick Haruksteiner wrote:


I discoverd another security issue with the Mac OS X screensaver.
If you have installed escapepod from Ambrosia Software and hit
crtl-alt-delete(==backspace) when the screensaver with password
protection is running, it kills the screensaver and the desktop is
open to anybody - so it has the same effect as the recently
emerged password-exploit.


This is not a bug in Apple software. This is a third party extension.
Ambrosia's Escape Pod is a utility that kills the frontmost app when the 
shortcut keystroke is typed. Naturally it does not ship with MacOS X.

Since the screen saver is just another application (called
ScreenSaverEngine), if you hit the kill key when its running, it gets
killed.  Fancy that!
I know that! But it should be the concern of the OS that you cannot circumvent its security system with the help of other applications! 


--
harp
Previous By Date Next
Previous By Thread Next

Current thread: