Application Enhancer Local Privilege Escalation Vulnerability

Application Enhancer is prone to a local privilege-escalation vulnerability.

Local attackers can gain superuser privileges by patching the 'ApplicationEnhancer' binary or by replacing it. The 'aped' process is launched with root privileges, which enables privilege escalation if the 'ApplicationEnhancer' binary is maliciously modified.

Application Enhancer 2.0.2 running on Mac OS X 10.4.8 (8L2127) x86 is vulnerable to this issue; other versions may also be affected.


 

Privacy Statement
Copyright 2010, SecurityFocus