
http://www.macnn.com/articles/03/07/11/os.x/

OS X update will fix screensaver flaw

updated 12:20 pm EDT, Fri July 11, 2003


Apple will soon release an update that will fix a vulnerability in Mac OS X's screen saver that could let users bypass the password security application, according to Security Supersite. "Security Update 2003-07-14 addresses a potential vulnerability when a password is required upon waking from the Screen Effects feature, which could allow an unauthorized user access to the desktop of the logged in user."


by MacNN Staff


Comments

  1. MacNN.com Reader

    Fresh-Faced Recruit

    Joined: Jul 2001

    0

    OSX or XP?

    With all the security updates, it's starting to feel like Windows.

  1. MacNN.com Reader

    Fresh-Faced Recruit

    Joined: Jul 2001

    0

    Ugh... like windows?

    Like Windows, you have to be kidding... Our system is actually secure... and is quickly updated to resolve problems. Much of the time they are security updates that would affect VERY few Mac users (not many people use Apache, SSH, etc.). They fix it in CASE you should need to use it. This is the same case. Few real admin types would use the screen saver password. I just log out.

    Windows on the other hand will be wide open for attack and only then will you see an update (usually weeks after the original discovery).

    This "vulnerability" is a very small issue. It's not like they can access your computer over the internet. You have to have local access to the computer (be in the same room) and a good amount of time to pull it off (5+ mins).

    I'm not saying it's a problem, but give Apple a break...

  1. MacNN.com Reader

    Fresh-Faced Recruit

    Joined: Jul 2001

    0

    Let's be fair

    Oh, just because it does not affect you, you can generalize it to "VERY few"? And as if a Windows security update that fixes obscure stuff like the buffer underrun error when clicking on a malformed URL through Windows Media Player is affecting tons of people who are just being killed by this problem?

    The first poster is right - with all these security updates, once a year OS upgrade for $130, etc. Apple is learning the bad habits of Windows.

  1. MacNN.com Reader

    Fresh-Faced Recruit

    Joined: Jul 2001

    0

    RE: Let's be fair

    Just to give you a feel of how bad 2000/XP is, here's a neat bug:

    http://www.securityfocus.com/archive/1/305382

    If you view a busted OpenType font, your XP/2000 will instantly blue screen of death. If you install that, then someone sends you an HTML email that uses that font, your XP will blue screen of death. At the bottom of the post you'll find an attachment of a busted font for you to try. This has yet to be fixed.

  1. MacNN.com Reader

    Fresh-Faced Recruit

    Joined: Jul 2001

    0

    re : Let's be fair

    "with all these security updates, once a year OS upgrade for $130, etc. Apple is learning the bad habits of Windows."

    How is it a bad habit to release a patch when a flaw is discovered in your software ??? Do you expect any company to release a PERFECT OS, with no flaw whatsoever, that'll never have to be upgraded ? I don't think you spotted this particular bug in OS X before a few days ago when it was discovered, so why would Apple be any different ?

    Besides, if you don't want to update, just don't, you can deactivate the patch in the Software Update panel, and never see it again.

  1. MacNN.com Reader

    Fresh-Faced Recruit

    Joined: Jul 2001

    0

    You don't get it

    Of course security updates for any OS or program are a good thing and should be applied promptly, I am not arguing that.

    My point is that since Mac users deride the frequency of Windows releasing security updates - well now we know what that feels like.

    Furthermore, for the OS update thing. Only Mac users (and I am one) are happy enough and dying to pay annually for a point upgrade. Microsoft ONLY wish they can get away with it (yes, I know they cannot).

    - Captain Obvious

  1. MacNN.com Reader

    Fresh-Faced Recruit

    Joined: Jul 2001

    0

    Re: You don't get it

    "Microsoft ONLY wish they can get away with it"

    But they seem able to get companies to pay for two Software Assurance periods per update thus making Software Assurance very expensive.

  1. MacNN.com Reader

    Fresh-Faced Recruit

    Joined: Jul 2001

    0

    4000 chars..

    Ok, the 'security' bug is only present if you type in 4000+ chars. How many would use 3+ min. to do that... and even know about it?

  1. MacNN.com Reader

    Fresh-Faced Recruit

    Joined: Jul 2001

    0

    Time limit? Nope...

    "Ok, the 'security' bug is only present if you type in 4000+ chars. How many would use 3+ min. to do that... and even know about it?"

    Well, with copy and paste you can crash screen effects in 21 seconds (my personal best :).

  1. MacNN.com Reader

    Fresh-Faced Recruit

    Joined: Jul 2001

    0

    Local vs. Remote Exploit

    There is a marked difference between local and remote exploits (ones that can be done with a user with physical access to the machine vs. those that anyone with a network connection can access). This is a locally exploitable bug.

    Should it be fixed? Sure. Is it a huge deal? No. If I have access to your machine, what stops me from rebooting with a recovery disk and reading everything on your hard drive? Nothing (except possibly a BIOS/OpenFirmware password - which no one uses).
