Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Update Fixes the Screen Effects Hole

Posted by pudge on from the mmmm-overrunning-buffers dept.

jellomizer writes "Here is is. Available from Software Update. 'Security Update 2003-07-14 addresses a potential vulnerability when a password is required upon waking from the Screen Effects feature, which could allow an unauthorized user access to the desktop of the logged in user.' Now we can use our screen savers with the warm and fuzzy secure feeling."

4 of 94 comments (clear)

  1. went witout a hitch by poil11 · · Score: 4, Interesting

    i just hope that one day updates won't require a restart.

  2. Does this fix the problem globally? by commodoresloat · · Score: 4, Interesting

    It's unclear from the docs whether this fixes just the problem of the screensaver dumping you back into a session without the password, or whether this addresses the buffer overflow that could cause other applications to crash, including the login window.

  3. Versions by hackwrench · · Score: 5, Interesting

    Anybody have any idea what files this updates and what version it updates those files to?

  4. Here's a reason this IS important by jnetsurfer · · Score: 5, Interesting

    I know that you can gain access to my machine by rebooting and changing the root password. I know that you can get around the open-firmware protection. I know that a screen saver doesn't protect my hard drive from someone opening my machine and taking it... but I am still very thankful for this update. Why? Because I encrypt my entire home directory. (Via the method I mentioned here a while ago). So, the "lock screen" option is very important to me -- If you reboot my machine, my home directory is once again encrypted. So the Screen Saver password does have it's place.