Mac OS X RSS Visualizer QuartzComposerScreenSaver Restriction Bypass

2005-08-17T06:35:03
ID OSVDB:18787
Type osvdb
Reporter Jay Craft()
Modified 2005-08-17T06:35:03

Description

Vulnerability Description

Mac OS X contains a flaw that may allow a malicious user to bypass screensaver password protection. The issue is triggered when a malicious local user clicks a link in the RSS Visualizer screensaver, which will open the URL even if a password has been set on the screensaver. It is possible that the flaw may allow unauthorized access resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

Short Description

Mac OS X contains a flaw that may allow a malicious user to bypass screensaver password protection. The issue is triggered when a malicious local user clicks a link in the RSS Visualizer screensaver, which will open the URL even if a password has been set on the screensaver. It is possible that the flaw may allow unauthorized access resulting in a loss of integrity.

References:

Vendor Specific Advisory URL Security Tracker: 1014705 Secunia Advisory ID:16449 Generic Informational URL: http://news.com.com/Apple+unloads+dozens+of+fixes+for+OS+X/2100-1002_3-5834873.html CVE-2005-2515