Apple Macintosh OS X FBCIndex File Contents Disclosure Vulnerability

Apple Macintosh OS X FBCIndex File Contents Disclosure Vulnerability

A vulnerability has been found in default configurations of Macintosh OS X.

A remote attacker may read the indexed contents of files by submitting a URL to the vulnerable host's web service of the following form:

http://www.example.com/target_directory/.FBCIndex.

This information could provide an attacker with sensitive information including potential passwords useful in dictionary attacks, system configuration, installed applications, etc. Properly exploited, this information could allow an attacker to further compromise the security of the host.