Apple Mac OS X PackageKit Format String Vulnerability Network Vulnerability

Summary

This host is missing an important security update according to Mac OS X 10.6.6 Update.

Impact

Successful exploitation could allow attackers to cause an unexpected application termination or arbitrary code execution. Impact Level: System

Solution

Upgrade to Mac OS X/Server version 10.6.6 or later, For updates refer to http://support.apple.com/downloads/

Insight

The flaw is due to a format string error in PackageKit's handling of distribution scripts. A man-in-the-middle attacker may be able to cause an unexpected application termination or arbitrary code execution when Software Update checks for new updates.

Affected

Mac OS X version 10.6 through 10.6.5 Mac OS X Server version 10.6 through 10.6.5

References

http://secunia.com/advisories/42841
http://support.apple.com/kb/HT4498
http://www.securitytracker.com/id?1024938

Updated on 2017-03-28

Severity

Classification

CVE CVE-2010-4013
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mac OS X Certificate Trust Policy Information Disclosure Vulnerability (2011-005)
Microsoft Silverlight Information Disclosure Vulnerability-2890788 (Mac OS X)
Apple Mac OS X iWork 9.1 Update
Apple Mac OS X Keychain Certificate Settings Security Bypass Vulnerability
MS Office Outlook Information Disclosure Vulnerability - 2813682 (Mac OS X)

Take action and discover your vulnerabilities