
On macOS High Sierra 10.13.2, when I manually lock the screen (shift+ctrl+power) and later press any key to turn it on, the screen content which was shown at the time I locked the screen is briefly displayed on the screen (something like 1/30 or 1/60 of a second; I can measure it with a high-speed camera, but it doesn't matter much) before it finally displays the login UI.

I've never seen it before High Sierra, but now I can reproduce this 100% of the time. This is really annoying because this might allow a stranger to capture screen contents which were shown immediately before the screen was locked.

I found one workaround which is far from perfect: lock the screen, wake up and press 'esc' to turn off the screen again. Then at the next wake up, nothing is revealed.

If I use cmd+ctrl+Q to lock the session as suggested in comments, it makes the bug less frequent, but doesn't really solve it. In other words it turns a suicide self shot into a Russian Roulette.

  • macOS 10.13.3 is affected
  • not fixed in macOS 10.13.4.
  • not fixed in macOS 10.13.4 with Security Update 2018-001.
  • not fixed in macOS 10.13.5.
  • I think I saw it again in macOS 10.13.6 too.

Are there any better workarounds? Is it worth reporting to Apple as a security/privacy bug?

  • Use lock screen instead. You are using “power off screen” which does not lock it, the lock is a side effect of the screen going off. Locking is something like cmd-ctrl-q
    Commented Jan 15, 2018 at 2:03
  • @JohnKeates perhaps I should. This doesn't turn it off though, apparently having one key combo to (properly) lock the user session and turn the screen off is too much of a luxury.
    Commented Jan 15, 2018 at 6:35
  • If you press escape after locking, the screen goes black :) So ctrl-cmd-q and then esc is the ultimate combination
    Commented Jan 16, 2018 at 13:05
  • @JohnKeates yes I know, that's what I do.
    Commented Jan 16, 2018 at 14:56
  • I used to experience this same problem on my MacBook Pro (13”, mid-2009). I think it stopped when I upgraded from Yosemite (10.10) to El Capitan (10.11). I saw it as a security flaw, and I’m surprised that someone is experiencing it with one of the newer versions of macOS.
    – EJ Mak
    Commented Jan 30, 2018 at 3:12

1 Answer


Yes - the frame buffer should be scrubbed / discarded as part of the sleep / lock process no matter how brief the render. I don't think it's a huge risk and can be mitigated as you say by logging out of the screen before locking or any number of other ways like timed lockouts.

This may be fixed in Monterey 12.3, Big Sur and Catalina as CVE-2022-22656.

I'd just log out or enable fast user switching and switch away from the screen instead of letting the screen saver lock.

Apple publishes a page with instructions on how to report issues. If this were a huge gap, I'd consider asking you to delete the thread, but I don't think this is "stop the planet" serious unless there's a way to abuse this "feature".

https://support.apple.com/en-us/HT201220

Security and privacy researchers

To report security or privacy issues that affect Apple products or web servers, please contact [email protected].

  • okay… I've sent them a message to [email protected], hopefully they will do something
    Commented Jan 14, 2018 at 21:52
  • So it's been 1 or 2 macOS updates since I sent them a detailed report, and I didn't get any valuable replies from them, and the bug is still not fixed. :/
    Commented Feb 1, 2018 at 18:13
  • Yeah, it doesn't work like this.
    Commented Jun 4, 2018 at 15:58
  • This appears to be fixed as of yesterday's release of macOS Mojave.
    – Jesse P.
    Commented Sep 25, 2018 at 11:18
  • I'm on 10.14.4 and still seeing it.
    – Nick K9
    Commented Apr 17, 2019 at 22:06
