One Article Review
| Source |  w00tsec |
|---|---|
| Identifiant | 8300160 |
| Date de publication | 2015-10-07 11:26:14 (vue: 2023-01-11 16:56:00) |
| Titre | Mac OS X 10.11 Partial Lock Screen Bypass |
| Texte | Lock screen bypasses are becoming mainstream. The most notable recent bypasses are the one from Ubuntu 14.04 (hold enter, lock screen crashes, computer unlocked) and the one from Android 5.x (input large strings in the password field, destabilize the lock screen, crash to the home screen).Many respected researcher had found and published something about this class of bugs and this blog is no different: this post describes a completely useless super serious vulnerability affecting Mac OS X 10.11 and earlier.Mac OS X 10.11 Partial Lock Screen BypassMac OS X 10.11 (and probably older versions) are vulnerable to a partial lock screen bypass. This is not a *complete* lock screen bypass as you won't be able to freely interact with the Desktop (as far as I know). Here are the steps to reproduce this bug:1 - Hit the Exposé Key (F3) 2 - Click on any window and keep holding it 3 - Keep holding the left mouse button and lock the screen using Command + Option + Eject (hold all these keys together for some time) That's it, now the lock screen has an "extra layer" with the miniaturised desktop windows. If you move the mouse cursor over the correct application position and hit the Space Key, a bigger window will be displayed. You can watch Youtube videos and interact with media players (Quicktime, Spotify etc) using the media control keys. You can't interact directly with the app: if you left-click on the windows or hit Enter, the lock screen takes over that invisible layer.Proof-of-concept - Mac OS X 10.11:If Youtube is blocking the video in your country, watch it here:If you are a serious tech journalist reporting about this bug feature, don't forget to say that |
| Envoyé | Oui |
| Condensat | *complete* 04 11:i 11:if able about affecting all alternate alternating and and the android another any app: application applications are are the becoming bigger blocking blog bonus: bug:1 bugs bugthis button bypass bypasses bypassmac can capitain class click command completely computer computers concept connect control cool correct country coworkers crash crashes cursor describes desktop destabilize different: directly display display3 displayed don during earlier eject enter etc external extra f15 far field for forget found freely friend from gone had has here here:if hidden hide hit hold holding home house input inputting interact invisible it3 journalist keep key keys know large layer leave left lock logged mac mainstream many media miniaturised mirroring monitor most mouse move moving new not notable now older omgbbq one option options over partial parties password personally play players playlist playlists position post preload probably proof published quicktime recent reporting reproduce researcher respected say screen secondary separate serious serious bug serious vulnerability simply some something space specially spotify steps strings super takes tech technique that the the exposé their them these this this bug feature time together ubuntu unattended unlocked use useful useless useless totally user using versions video videos vulnerable want watch who will window windows with won x yet you your youtube |
| Tags | |
| Stories | |
| Notes | ★★★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.