Apple Fixes Mac OS X Screen-Saver Flaw

 
 
By Nick Ciarelli  |  Posted 2012-04-29 Email Print this article Print
 
 
 
 
 
 
 

Sources said a forthcoming security update will plug a vulnerability in Mac OS X's screen saver that can open locked desktops to prying eyes.



Apple Computer Inc. will soon release a security update to Mac OS X, sources said. The update will reportedly fix a vulnerability in Mac OS Xs screen saver that lets interlopers access locked desktops. On Thursday, the company seeded developers with a pre-release copy of the update. Recipients said the patch was dated July 14, suggesting Apple plans to release it to users Monday. "Security Update 2003-07-14 addresses a potential vulnerability when a password is required upon waking from the Screen Effects feature, which could allow an unauthorized user access to the desktop of the logged in user," Apple reportedly told developers in a note accompanying the seed. The Screen Effects security hole was first publicized last week in a post to the Full Disclosure mailing list. Mac OS Xs screen saver can be locked with a password, preventing access to the desktop. A user discovered that by pressing a key for several minutes and then hitting the enter key, the screen saver could crash, allowing desktop access.
A post to SecuriTeam.com said the crash takes place because of a large buffer of between 1,280 and 1,380 characters that is sent as the password. Last month the Mac maker released a security update to Mac OS X Server that updated its installation of Apache 2.0, patching a mod_dav security hole. Apple plans to release the next major OS X upgrade, Version 10.3 aka Panther, in both client and server flavors by the end of the year. Cupertino, Calif.-based Apple was not immediately available for comment.
 
 
 
 
 
 
 
 
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel