Slashdot Mirror

← Back to Stories (view on slashdot.org)

Screensaver Bug in Mac OS X

Posted by michael on from the bomb-icon dept.

dave1212 writes "Still too early to tell, but there seems to be a screen saver password exploit in Mac OS X. It was discovered and postedon the Full Disclosure list earlier today. Theories, personal tests, and rumours abound, with some success stories, and the possibility that it could affect all Cocoa programs. Speculation points toward a 2048 character buffer, with people using the emacs shortcuts Ctrl-K and Ctrl-Y to fill the text field in under half a minute."

5 of 452 comments (clear)

  1. I writed this commented.. by banal+avenger · · Score: 5, Interesting

    It's no wonder why Apple didn't reply, look at the subject of the email sent to Apple: "forgot your screensaver password ?? Hackit anyway." Must have been Jeff K reporting the bug.

    In other news, a similar bug has been an issue on the Mac OS X version of Folding@Home. The screen saver crashes when lock screen is activated, and it's been months since I first noticed it, and I've seen it mentioned on the Folding boards, and it still hasn't been fixed. I agree with some of the people on the Macslash forum: Don't rely on screen savers if you have truly sensitive data within in reach of scrupulous characters.

  2. ok people wtf by carpe_noctem · · Score: 5, Interesting

    I saw this "exploit" on full-dis, where it started a rather large thread, given how silly this bug actually is (a screensaver breaker...ooooh now I'm quaking in my boots). I thought it was excessive that -anyone- responded to his thread, and now it got posted on /. ? What gives?

    Probably going to get modded down for troll, but I had to vent. Excuse me. ;)

    --
    "Quoting famous computer scientists out of context is the root of all evil (or at least most of it) in programming." - K
  3. I believe this is no longer true... by igabe · · Score: 5, Interesting

    If I am not mistaken, this was on Slashdot a while back. Apple was quick to correct this.

    The only problem(an ironic one) is that they updated the flaw through Software Update =)

    --
    tilTrue.info contechtext.info prettypowerful.info twitter.com/frets fb.com/prosody
  4. Get root access by gotr00t · · Score: 5, Interesting

    On any computer using OSX, it is possible to change the root password with 6 easy steps:

    Reboot the computer
    Hold down appl ctrl + S
    Type "mount -uw /"
    "su" (it dosen't ask for a password)
    "/sbin/systemstarter"
    "passwd"

  5. Because Panthers run faster by igabe · · Score: 5, Interesting

    Just FYI Panther seems immune to this exploit.

    Tried doing the procedure ~10 minutes in the Screen Saver and nothing happened. Then tried again in few other cocoa apps. Still nothing. Just worked like normal(for once this is a good thing).

    My only question is if Apple acknowledged this flaw in Jaguar and then fixed it in Panther, or if Apple just ended up fixing it quite accidentally.

    And yes, I realize most people can't just upgrade to Panther yet to fix this rather major oversight on Apple's part.

    Yea and I think that you should be able to use Exposé as a screensaver =)

    --
    tilTrue.info contechtext.info prettypowerful.info twitter.com/frets fb.com/prosody