|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: MacOSX - crash screensaver locked with password and get the desktop back
From: Adam H. Pendleton (fmonkey
fmonkey.net)
Date: Mon Jul 07 2003 - 10:10:05 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Delfim Machado wrote:
>three days ago i discovered a security issue, with the last MacOSX.
>
>there is a way to crash the screensaver locked with password and gain
>the desktop.
>
This isn't a new issue; well not exactly. The method for crashing to
screensaver is new to me, but the result isn't. When I first got my
Powerbook (December of last year), it came with a .Mac screensaver
which, IIRC, attempts to load its slideshow images off the Internet. At
the time, I was able to crash the .Mac screensaver by pulling the
network plug while the screensaver was trying to update its images.
Doing this caused the screensaver to crash and the Desktop to return
(despite password locking). I reported this vulnerability to Apple, but
never got a response, and it obviously hasn't been fixed. I don't have
an exact date on when I originally reported it, but I believe it was
sometime in January '03.
ahp
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]