Re: MacOSX - crash screensaver locked with password and get the desktopback

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Does anyone care to attach a debugger to the screen saver process and then verify that this is or is not a buffer overflow?
-KF


Adam H. Pendleton wrote:

Delfim Machado wrote:

three days ago i discovered a security issue, with the last MacOSX.
there is a way to crash the screensaver locked with password and gain
the desktop.

This isn't a new issue; well not exactly. The method for crashing to screensaver is new to me, but the result isn't. When I first got my Powerbook (December of last year), it came with a .Mac screensaver which, IIRC, attempts to load its slideshow images off the Internet. At the time, I was able to crash the .Mac screensaver by pulling the network plug while the screensaver was trying to update its images. Doing this caused the screensaver to crash and the Desktop to return (despite password locking). I reported this vulnerability to Apple, but never got a response, and it obviously hasn't been fixed. I don't have an exact date on when I originally reported it, but I believe it was sometime in January '03.

ahp



[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux