Bugtraq mailing list archives
Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14)
From: Doug White <dwhite () gumbysoft com>
Date: Wed, 30 Jul 2003 13:07:05 -0700 (PDT)
On Tue, 29 Jul 2003, Patrick Haruksteiner wrote:
I discoverd another security issue with the Mac OS X screensaver. If you have installed escapepod from Ambrosia Software and hit crtl-alt-delete(==backspace) when the screensaver with password protection is running, it kills the screensaver and the desktop is open to anybody - so it has the same effect as the recently emerged password-exploit.
This is not a bug in Apple software. This is a third party extension. Ambrosia's Escape Pod is a utility that kills the frontmost app when the shortcut keystroke is typed. Naturally it does not ship with MacOS X. Since the screen saver is just another application (called ScreenSaverEngine), if you hit the kill key when its running, it gets killed. Fancy that! You should really report this to Ambrosia, and ask for a feature that inhibits the kill functionality for specific applications. -- Doug White | FreeBSD: The Power to Serve dwhite () gumbysoft com | www.FreeBSD.org
Current thread:
- Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Patrick Haruksteiner (Jul 30)
- Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Doug White (Jul 31)
- Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Patrick Haruksteiner (Jul 31)
- Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) mns (Jul 31)
- Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Gavin Hanover (Jul 31)
- Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Brian Eckman (Jul 31)
- Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Fred Noltie (Jul 31)
- Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Patrick Haruksteiner (Jul 31)
- Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Doug White (Jul 31)
- <Possible follow-ups>
- RE: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) CHRIS GRABENSTEIN (Jul 31)