three days ago i discovered a security issue, with the last MacOSX.This isn't a new issue; well not exactly. The method for crashing to screensaver is new to me, but the result isn't. When I first got my Powerbook (December of last year), it came with a .Mac screensaver which, IIRC, attempts to load its slideshow images off the Internet. At the time, I was able to crash the .Mac screensaver by pulling the network plug while the screensaver was trying to update its images. Doing this caused the screensaver to crash and the Desktop to return (despite password locking). I reported this vulnerability to Apple, but never got a response, and it obviously hasn't been fixed. I don't have an exact date on when I originally reported it, but I believe it was sometime in January '03.
there is a way to crash the screensaver locked with password and gain the desktop.
ahp
