Apple Mac OS X contains a vulnerability when restricting access to application uses a pre-defined sandbox profile (Seatbelt). Successful exploitation may allow an attacker to perform certain functions outside of the sandbox, bypassing intended sandbox restrictions.
Note: According to CORE's advisory, Apple does not believe this issue has any security implications and they intend to update their documentation to reflect the sandbox profile's functionality.
Mac OS X 10.7.2, 10.6.x, 10.5.x and earlier
BeyondTrust Prevention and Detection:
- 15909 - Apple Mac OS X Security Update 2012-001 and OS X 10.7.3 Update
No mitigation has been provided.