Back to search
CVE-2011-1516
Published: Nov 15, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of osascript to send Apple events to the launchd daemon, a related issue to CVE-2008-7303.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.coresecurity.com/content/apple-osx-sandbox-bypass
x_refsource_MISC
20111110 CORE-2011-0919: Apple OS X Sandbox Predefined Profiles Bypass
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now