Apple Computer Inc. will soon release a security update to Mac OS X, sources said. The update will reportedly fix a vulnerability in Mac OS X's screen saver that lets interlopers access locked desktops. On Thursday, the company seeded developers with a pre-release copy of the update. Recipients said the patch was dated July 14, suggesting Apple plans to release it to users Monday.
"Security Update 2003-07-14 addresses a potential vulnerability when a password is required upon waking from the Screen Effects feature, which could allow an unauthorized user access to the desktop of the logged in user," Apple reportedly told developers in a note accompanying the seed. The Screen Effects security hole was first publicized last week in a post to the Full Disclosure mailing list. Mac OS X's screen saver can be locked with a password, preventing access to the desktop. A user discovered that by pressing a key for several minutes and then hitting the enter key, the screen saver could crash, allowing desktop access.
News source: Security Supersite