Apple has released a security patch to correct several vulnerabilities affecting Mac OS X 10.4. These flaws could be exploited by remote or local attackers to bypass certain security restrictions, cause a denial of service or obtain elevated privileges.
- The Bluetooth file exchange service could allow files to be shared without properly notifying the user, which may be exploited by attackers to gain access to files outside of the default file exchange directory.
- An unspecified error in Safari could be exploited by malicious websites to download and install widgets without user confirmation. This issue does not affect Mac OS X versions prior to 10.4.
- Insecure permissions in the POSIX DropBox directory could be exploited by local attackers to discover the names of files placed in normally unsearchable places.
- Insufficient input validation in the nfs_mount() call could allow unprivileged local users to cause a denial of service via a kernel panic.
- A contextual menu feature in Mac OS X 10.4 allows URLs to be opened insecurely from a text input field, which could be exploited by attackers, with a physical access, to launch an application behind a locked screensaver window.
Credits
Vulnerabilities reported by kf_lists and John M. Glenn
ChangeLog
2005-05-20 : Initial release
Vulnerability Management
Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
French
