SecureMac, Inc.

Computer security news. Just for Macs.

Get the latest computer security news for Macs and be the first to be informed about critical updates. Industry news, security events and all you need right at your fingertips. Malware threats change daily, so keep up to date on the latest developments to help ensure your privacy and protection. You can never be too safe.

Mac OS X Security Issue – Screensaver Security Issue/Hack

Posted on July 7, 2003

Security Issue: Mac OS X Screensaver Password Protection Bug

Systems Vulnerable: Mac OS X 10.2.6 and prior
Date Fixed: TBA

Apple’s Mac OS X screensaver apparently contains a buffer overflow vulnerability that causes the screensaver to dump not requiring the user to enter a legitimate username and password.

When enabling the password protection on the Mac OS X screensaver users are required to authenticate before leaving the screensaver to gain access to the desktop again. Delfim Machado notified Apple that he had learned of a bug that caused the screensaver to exit without properly authenticating. The vulnerability was discovered when he held down a key on his keyboard for more than five minutes then pressed enter.

Solution

When leaving your computer for a long period of time it is suggested to log out all-together so there are not any active programs open or files in use that could lose data upon a improper shutdown.

Apple will address this issue and a fix will be available shortly, this document will be updated when a fix is released.

Join our mailing list for the latest security news and deals