Hi there!



I discoverd another security issue with the Mac OS X screensaver.

If you have installed escapepod from Ambrosia Software and hit

crtl-alt-delete(==backspace) when the screensaver with password

protection is running, it kills the screensaver and the desktop is

open to anybody - so it has the same effect as the recently

emerged password-exploit.

I expected that there should be a forced logout, if the screensaver

dies... - but there is no such behavior...



I have allready reported this to product-security@apple.com, but 

as usual with no reply...



Tested on this System Configuration:



Mac OS X 10.2.6 with Security Update 2003-07-14

1GB RAM

1GHZ PowerBook G4

escapepod 1.0.0d3 from http://www.ambrosiasw.com/utilities/

freebies/





--



/harp