• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Apple Mac OS X Security Update 2005-10-31 Multiple Local Vulnerabilities

Apple has released Security Update 2005-10-31 to address multiple Mac OS X local vulnerabilities.

The following vulnerabilities were addressed by the security update:

- A misleading file ownership display, resulting in a false sense of security.

- A software update failure, potentially resulting in a failure to install critical security fixes.

- A group membership alteration issue, potentially resulting in unauthorized access due to a delayed changes to group membership.

- An information disclosure issue with Keychain, potentially allowing unauthorized users to view already displayed plaintext passwords after the Keychain has automatically locked due to a timeout.

- Multiple information disclosure issues in the kernel, potentially allowing local users to gain access to sensitive information, aiding them in further attacks.

These vulnerabilities will be separated into individual BIDs upon further analysis of the issues.