Apple Mac OS X CVE-2012-0652 Local Security Bypass Vulnerability
BID:53457
Info
Apple Mac OS X CVE-2012-0652 Local Security Bypass Vulnerability
| Bugtraq ID: | 53457 |
| Class: | Access Validation Error |
| CVE: |
CVE-2012-0652 |
| Remote: | No |
| Local: | Yes |
| Published: | May 10 2012 12:00AM |
| Updated: | Sep 20 2012 05:10PM |
| Credit: | Terry Reeves and Tim Winningham of the Ohio State University, Markus 'Jaroneko' Raty of the Finnish Academy of Fine Arts, Jaakko Pero of Aalto University, Mark Cohen of Oregon State University and Paul Nelson |
| Vulnerable: |
Apple Mac Os X Server 10.7.3 Apple Mac Os X Server 10.7.2 Apple Mac Os X Server 10.7.1 Apple Mac Os X Server 10.7 Apple Mac Os X 10.7.4 Apple Mac Os X 10.7.3 Apple Mac Os X 10.7.2 Apple Mac Os X 10.7.1 |
| Not Vulnerable: |
Apple Mac Os X Server 10.7.4 Apple Mac Os X 10.7.4 |
Discussion
Apple Mac OS X CVE-2012-0652 Local Security Bypass Vulnerability
Apple Mac OS X is prone to a local security-bypass vulnerability.
Attackers can exploit this issue to bypass certain security restrictions and obtain sensitive account information.
Note: This issue was previously discussed in BID 53445 (Apple Mac OS X Security Update 2012-002 Multiple Security Vulnerabilities) but has been given its own record to better document it.
Apple Mac OS X is prone to a local security-bypass vulnerability.
Attackers can exploit this issue to bypass certain security restrictions and obtain sensitive account information.
Note: This issue was previously discussed in BID 53445 (Apple Mac OS X Security Update 2012-002 Multiple Security Vulnerabilities) but has been given its own record to better document it.
Exploit / POC
Apple Mac OS X CVE-2012-0652 Local Security Bypass Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Apple Mac OS X CVE-2012-0652 Local Security Bypass Vulnerability
Solution:
Updates are available. Please see the references for more information.
Apple Mac Os X Server 10.7.3
Apple Mac Os X 10.7.3
Apple Mac Os X Server 10.7.2
Apple Mac Os X 10.7.1
Apple Mac Os X 10.7.2
Apple Mac Os X Server 10.7.1
Apple Mac Os X Server 10.7
Solution:
Updates are available. Please see the references for more information.
Apple Mac Os X Server 10.7.3
-
Apple MacOSXServerUpd10.7.4.dmg
For OS X Lion Server v10.7.3
http://www.apple.com/support/downloads/
Apple Mac Os X 10.7.3
-
Apple MacOSXUpd10.7.4.dmg
For OS X Lion v10.7.3
http://www.apple.com/support/downloads/
Apple Mac Os X Server 10.7.2
-
Apple MacOSXServerUpdCombo10.7.4.dmg
For OS X Lion Server v10.7 and v10.7.2
http://www.apple.com/support/downloads/
Apple Mac Os X 10.7.1
-
Apple MacOSXUpdCombo10.7.4.dmg
For OS X Lion v10.7 and v10.7.2
http://www.apple.com/support/downloads/
Apple Mac Os X 10.7.2
-
Apple MacOSXUpdCombo10.7.4.dmg
For OS X Lion v10.7 and v10.7.2
http://www.apple.com/support/downloads/
Apple Mac Os X Server 10.7.1
-
Apple MacOSXServerUpdCombo10.7.4.dmg
For OS X Lion Server v10.7 and v10.7.2
http://www.apple.com/support/downloads/
Apple Mac Os X Server 10.7
-
Apple MacOSXServerUpdCombo10.7.4.dmg
For OS X Lion Server v10.7 and v10.7.2
http://www.apple.com/support/downloads/