Apple PPPDialer Insecure Log File Creation Symbolic Link Vulnerability

Apple PPPDialer Insecure Log File Creation Symbolic Link Vulnerability

The Apple PPPDialer utility is reported to contain an insecure log file creation vulnerability. The result of this is that log files created by the application are created in a world writeable location.

A local attacker may possibly exploit this vulnerability to execute symbolic link file overwrite attacks.

Privilege escalation may be possible using this method of attack, if the attacker can control the data that is being written to the target file.