Info

Disclosure

Oct 28, 2005

Discovery

Unknown

Dates

Exploit

Oct 28, 2005

Solution

Unknown

Description

Mac OS X contains a flaw that may allow a malicious user to bypass security patches. The issue is triggered due to the way the Software Update application handles ignored updates, which may allow a malicious user to bypass important security patches by marking all applicable updates as ignored and leave the system in an insecure state resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Upgrade to version 10.4.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Apple Computer, Inc.	Mac OS X	10.4.2
Apple Computer, Inc.	Mac OS X Server	10.4.2

References

Security Tracker: 1015124
Secunia Advisory ID: 17368
CVE ID: 2005-2750 (see also: NVD)
Related OSVDB ID: 20427 20429 20430 20431
Keyword: APPLE-SA-2005-10-31
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-10/0386.html
Vendor Specific Advisory URL: http://docs.info.apple.com/article.html?artnum=302763
Vendor URL: http://www.apple.com/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/20428

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Apple Computer, Inc.

Mac OS X

Mac OS X Server

References

Credit