Wednesday, October 7, 2015

Mac OS X 10.11 Partial Lock Screen Bypass

Lock screen bypasses are becoming mainstream. The most notable recent bypasses are the one from Ubuntu 14.04 (hold enter, lock screen crashes, computer unlocked) and the one from Android 5.x (input large strings in the password field, destabilize the lock screen, crash to the home screen).

Many respected researcher had found and published something about this class of bugs and this blog is no different: this post describes a completely useless super serious vulnerability affecting Mac OS X 10.11 and earlier.

Mac OS X 10.11 Partial Lock Screen Bypass

Mac OS X 10.11 (and probably older versions) are vulnerable to a partial lock screen bypass. This is not a *complete* lock screen bypass as you won't be able to freely interact with the Desktop (as far as I know). Here are the steps to reproduce this bug:

1 - Hit the Exposé Key (F3)



2 - Click on any window and keep holding it



3 - Keep holding the left mouse button and lock the screen using Command + Option + Eject (hold all these keys together for some time)



That's it, now the lock screen has an "extra layer" with the miniaturised desktop windows. If you move the mouse cursor over the correct application position and hit the Space Key, a bigger window will be displayed.



You can watch Youtube videos and interact with media players (Quicktime, Spotify etc) using the media control keys. You can't interact directly with the app: if you left-click on the windows or hit Enter, the lock screen takes over that invisible layer.

Proof-of-concept - Mac OS X 10.11:


If Youtube is blocking the video in your country, watch it here:



If you are a serious tech journalist reporting about this bug feature, don't forget to say that this is specially useful to play Youtube and Spotify playlists during parties at a friend's house. You don't want to leave you Mac logged in and unattended, so you simply preload the playlist and lock the screen using this cool technique.


Bonus: Mac OS X 10.11 Hidden Window Bug

This is yet another useless totally serious bug affecting the new Mac OS X El Capitain. You can hide an application window from the user by moving them to another display and alternating the screen mirroring options. Here are the steps to reproduce this bug:

1 - Connect your monitor to an external display ("Use As Separate Display")


2 - Move the window you want to hide to the secondary display

3 - Hit the Exposé Key (F3), move the mouse cursor over the window you want to hide and hit the Space Key.

4 - Alternate the screen mirroring options by inputting Command + F1

5 - The window is gone (OMGBBQ!!!)

Proof-of-concept - Mac OS X 10.11:



I personally use this to hide all the Mac applications from coworkers who leave their computers unlocked and unattended.


No comments:

Post a Comment