BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

Apple OS X Sandbox Predefined Profile Bypass Vulnerability

Disclosed November 10, 2011    Fully Patched

Vulnerability Description:

Apple Mac OS X contains a vulnerability when restricting access to application uses a pre-defined sandbox profile (Seatbelt). Successful exploitation may allow an attacker to perform certain functions outside of the sandbox, bypassing intended sandbox restrictions.

Note: According to CORE's advisory, Apple does not believe this issue has any security implications and they intend to update their documentation to reflect the sandbox profile's functionality.

Vendors:

Apple

Vulnerable Software/Devices:

Mac OS X 10.7.2, 10.6.x, 10.5.x and earlier

Vulnerability Severity:

Medium

Exploit Availability:

N/A

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.
  •  15909 - Apple Mac OS X Security Update 2012-001 and OS X 10.7.3 Update

Mitigation:

No mitigation has been provided.

Links:

CVE(s):

None

Leave a Reply