SecureMac issues "Low Severity" Panther Security Advisory

According to an advisory posted on SecureMac.com, a "low severity" security issue has been discovered in Mac OS X 10.3 Panther. Basically, when Panther's Screen Effects is active using password protection, any keys pressed before the password dialog appears (OS X presents the password dialog when it detects keyboard or mouse activity) "will be sent to the general user environment."

For most users this issue provides minimal actual risk?to quote the SecureMac advisory, "With access to the keyboard, an unauthorized user can access the currently active screen-locked user environment. However, there is only a relatively small opening in the period of time in which the keys events get through; completing complicated operations at the keyboard have shown to be highly tedious in actual practice thus far."

This vulnerability is apparently not addressed by the OS X 10.3 Security Update released late yesterday by Apple.

Resources