Security Update Fixes the Screen Effects Hole

jellomizer writes "Here is is. Available from Software Update. 'Security Update 2003-07-14 addresses a potential vulnerability when a password is required upon waking from the Screen Effects feature, which could allow an unauthorized user access to the desktop of the logged in user.' Now we can use our screen savers with the warm and fuzzy secure feeling."

Re:went witout a hitch

[babbage]

Yeah, but at that point you've gone so much of the way to bringing the system all the way down that you might as well just do the full reboot. You've just described 80% or so of the things that happen in the logout, shutdown, restart, log back in cycle. Unless you just can't have any service disruption in non-GUI software running on your Mac (Apache, MySQL, etc that other machines may be using), then what's the point in saving that 15 seconds & losing state in all your apps anyway? And if you are running services that can't be disrupted, why are you running them on a desktop platform?

Re:went witout a hitch

[babbage]

In which case, the unpatched version is resident in memory, and the patched version is sitting idle on your disc. What's the point of that? When you're ready to apply the patch (which, apparently, isn't right now), then just let the thing reboot & get the clean slate.

Re:Problem?

[NaugaHunter]

What I got as a general consensus was effectively:
a) The possibility of this being used maliciously required physical access, and other physical methods rendered it near moot.
b) This point is hard to get across when the news report reads "Apple has security failure from locked screen savers", and therefore may as well be fixed.
c) Being a buffer problem in a shared library, it is possible that something else, either presently or in the future, would also become vulnerable. This is probably the best reason to fix it while the risk is still light.