Friday, October 16, 2009

Apple OSX Security FAIL

More than once now, I've managed to get OSX to require me to log in, but allow me to access the machine behind the login prompt.

I have been unable to explicitly reproduce it at will, however, and so I would like help from the people out there to determine what exactly is going on, so we can get Apple to fix the problem.

Here is what I know of the problem:
  • Happens on Leopard and Snow Leopard (I'm currently running Snow Leopard 10.6.1).
  • Enable: Require password "immediately" after sleep or screen saver begins.
  • Enable: Use screen saver "Word of the Day" (mine is set for 5 minutes).
  • Allow the screen saver to activate and move the mouse before the Word of the Day screen saver is fully active.
What you should get if you are able to reproduce this is that the computer pops up a dialog asking you to log in to unlock the machine; however, you have mouse access to your desktop, and if you check, you will be able to change security settings as long as they don't require keyboard input. The keyboard will be captured by the login dialog.

I managed to take snapshots of the last two times this has happened on my machine, showing that I was able to access the preferences dialog (I have smudged out personal info in the images):

If you are able to reproduce this, please let me know and what you did to reproduce it, particularly if you are able to do it at will.

By all means call Apple about the problem if you can reproduce it. The case number I put in is: Apple Expert Case 139146232

Update: This has been submitted to as issue # 7318689
Update: This appears to be fixed in OSX 10.6.2 as I have not seen any further occurrence.

