Apple Mac OS X CoreTypes Security Bypass Vulnerability

Apple Mac OS X is prone to a security-bypass vulnerability because it fails to properly restrict access to unsafe content types in the CoreTypes component.

Remote attackers can exploit this issue to trick a user into executing arbitrary code if affected content types are downloaded and manually opened from a malicious website.

The following are vulnerable:

Mac OS X 10.5.8
Mac OS X Server 10.5.8
Mac OS X 10.6 prior to 10.6.3
Mac OS X Server 10.6 prior to 10.6.3

NOTE: This issue was previously covered in BID 39020 (Apple Mac OS X APPLE-SA-2010-03-29-1 Multiple Security Vulnerabilities) but has been assigned its own record to better document it.


 

Privacy Statement
Copyright 2010, SecurityFocus