SecureMac, Inc.

Mac OS X Security Issue – Screensaver Security Issue/Hack

July 7, 2003

Security Issue: Mac OS X Screensaver Password Protection Bug

Systems Vulnerable: Mac OS X 10.2.6 and prior
Date Fixed: TBA

Apple’s Mac OS X screensaver apparently contains a buffer overflow vulnerability that causes the screensaver to dump not requiring the user to enter a legitimate username and password.

When enabling the password protection on the Mac OS X screensaver users are required to authenticate before leaving the screensaver to gain access to the desktop again. Delfim Machado notified Apple that he had learned of a bug that caused the screensaver to exit without properly …

Mac OS X Security Issue – Screensaver Security Issue/Hack

Security Issue: Mac OS X Screensaver Password Protection Bug

Systems Vulnerable: Mac OS X 10.2.6 and prior
Date Fixed: TBA

Apple’s Mac OS X screensaver apparently contains a buffer overflow vulnerability that causes the screensaver to dump not requiring the user to enter a legitimate username and password.

When enabling the password protection on the Mac OS X screensaver users are required to authenticate before leaving the screensaver to gain access to the desktop again. Delfim Machado notified Apple that he had learned of a bug that caused the screensaver to exit without properly authenticating. The vulnerability was discovered when he held down a key on his keyboard for more than five minutes then pressed enter.

Solution

When leaving your computer for a long period of time it is suggested to log out all-together so there are not any active programs open or files in use that could lose data upon a improper shutdown.

Apple will address this issue and a fix will be available shortly, this document will be updated when a fix is released.

Filed under 10.2 Jaguar, Mac OS X, Security Advisory

Related Posts

Latest Security News

Get the latest security news and deals