Apple Mac OS X Foundation 'NSURLConnection' Cache Management Race Condition Security Vulnerability

Apple Mac OS X Foundation framework is prone to a race-condition security vulnerability.

An attacker can exploit this issue by enticing an unsuspecting user to visit a malicious webpage with the Safari browser. This can allow arbitrary code to run with the privileges of the user running the browser or an application that uses the affected API. Failed attacks will cause denial-of-service conditions.

NOTE: This vulnerability was previously covered in BID 28304 (Apple Mac OS X 2008-002 Multiple Security Vulnerabilities), but has been given its own record to better document the issue.


Privacy Statement
Copyright 2010, SecurityFocus