Apple has released security updates to address seven vulnerabilities affecting Mac OS X. These flaws could be exploited by local attackers to bypass security restrictions or disclose sensitive information.
The first issue is due to an error in the Finder "Get Info" window, which does not properly display file and group ownership information in certain situations. As a result, the displayed ownership and the actual ownership could be out of sync.
The second problem is due to an error in the "Software Update" feature, which does not provide an opportunity to reset the status of ignored updates. This could cause important updates not to be installed.
The third flaw is due to an error where changes to a group's membership are not immediately reflected in access control checks, which could be exploited by authenticated users to access files or other resources even after they have been removed from a group.
The fourth vulnerability occurs in the Keychain Access utility when it is locked due to a timeout while a password stored inside it is being viewed, which could cause plaintext passwords to be disclosed.
The fifth flaw is due to errors in certain kernel interfaces, which could allow local users to obtain portions of sensitive kernel memory.
Credits
Vulnerabilities reported by Eric Hall, Ilja van Sprundel, Neil Archibald and Colin Percival.
ChangeLog
2005-10-31 : Initial release