Mac OS X Security Issue – Screensaver Security Issue/Hack
Security Issue: Mac OS X Screensaver Password Protection Bug
Systems Vulnerable: Mac OS X 10.2.6 and prior
Date Fixed: TBA
Apple’s Mac OS X screensaver apparently contains a buffer overflow vulnerability that causes the screensaver to dump, so the user is not required to enter a legitimate username and password.
When password protection is enabled on the Mac OS X screensaver, users are required to authenticate before leaving the screensaver and regaining access to the desktop. Delfim Machado notified Apple that he had learned of a bug that caused the screensaver to exit without properly authenticating. The vulnerability was discovered when he held down a key on his keyboard for more than five minutes and then pressed Enter.
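The following C example is added here and is not Apple's code; the advisory gives no details of the screensaver's internals. Assuming each key-repeat event appends one byte to a fixed-size password buffer, it shows an input handler that drops excess bytes and refuses to unlock once the input has exceeded the buffer. The names pw_field, pw_key, pw_submit and unlock_attempt and the 128-byte size are hypothetical.

```c
#include <stddef.h>
#include <string.h>

#define PW_MAX 128  /* assumed field capacity, not Apple's value */

/* Hypothetical unlock-dialog state; not Apple's implementation. */
struct pw_field {
    char   buf[PW_MAX];
    size_t len;
    int    overflowed;  /* sticky: set once input exceeded capacity */
};

void pw_reset(struct pw_field *f) {
    memset(f->buf, 0, sizeof f->buf);
    f->len = 0;
    f->overflowed = 0;
}

/* Called once per key event, including keyboard auto-repeat events. */
void pw_key(struct pw_field *f, char c) {
    if (f->len >= PW_MAX - 1) {  /* keep the last byte as terminator */
        f->overflowed = 1;       /* drop the byte, never write past buf */
        return;
    }
    f->buf[f->len++] = c;
}

/* Called on Enter. Fails closed: overflowed input never unlocks.
   Plaintext comparison is a simplification for this example. */
int pw_submit(struct pw_field *f, const char *expected) {
    size_t n = strlen(expected);
    unsigned char diff = 0;
    int ok = !f->overflowed && f->len == n;
    for (size_t i = 0; ok && i < n; i++)
        diff |= (unsigned char)(f->buf[i] ^ expected[i]);
    ok = ok && diff == 0;
    pw_reset(f);                 /* wipe the buffer after every attempt */
    return ok;
}

/* Constructed scenario: type `typed`, hold 'a' for `held_repeats`
   auto-repeat events, then press Enter. Returns 1 if unlocked. */
int unlock_attempt(const char *typed, size_t held_repeats, const char *expected) {
    struct pw_field f;
    pw_reset(&f);
    for (; *typed; typed++) pw_key(&f, *typed);
    while (held_repeats--) pw_key(&f, 'a');
    return pw_submit(&f, expected);
}
```

The sticky overflowed flag matters: without it, input truncated to the buffer size could still match a maximum-length password.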
Solution
When leaving your computer for a long period of time, it is suggested that you log out altogether so that there are no active programs open or files in use that could lose data upon an improper shutdown.
Apple will address this issue and a fix will be available shortly; this document will be updated when a fix is released.