[Macpartners] Security Update 2003-07-14 is now available

Albert Willis awillis at MIT.EDU
Tue Jul 15 16:48:00 EDT 2003 

This security update fixes the problem described bellow. The short 
description is that someone with physical access to a Mac OS X 
machine can bypass the screen saver password and gain access to the 
logged in user's files, etc. The details are available at 
http://www.securemac.com/macosx-screensaver-security.php.

In the less than 24 hours the update has been available, the vast 
majority of users haven't experienced any problems. There have been 
reports of some problems (kernel panics; inability to mount disk 
images) according to MacFixit, but nothing that seems directly 
related to the update itself.

I would recommend running repair permissions (Applications > 
Utilities folder > Disk Utility > First Aid tab > Repair Permissions) 
after installing any software software, especially if you haven't run 
it in a while. This should reduce the chance of having problems after 
installing the update.

   -- Al

Albert Willis
Macintosh Platform Coordinator
Software Release Team
MIT Information Systems

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2003-07-14 Screen Effects Password

Security Update 2003-07-14 is now available.

It fixes CAN-2003-0518, a potential vulnerability when a password is
required upon waking from the Screen Effects feature, which could allow
an unauthorized user access to the desktop of the logged in user.

Security Update 2003-07-14 may be obtained from:

    * Software Update pane in System Preferences

    - OR -

    * Apple's Software Downloads web site:

      http://www.info.apple.com/kbnum/n120232
      The download file is named: "SecurityUpd2003-07-14.dmg"
      Its SHA-1 digest is: 210f4819b8559b590632cd62b4055a437b9a0267

Information will also be posted to the Apple Support web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/security_pgp.html

-----BEGIN PGP SIGNATURE-----

More information about the Macpartners mailing list