Michael Haller

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions 10.4.x up to 10.4.1 **Description** The issue allows local users to conduct unauthorized file operations via file race conditions due to insecure world- and group-writable permissions for the system cache folder and Dashboard system widgets. **Recommendations** For Apple Mac OS X versions 10.4.x up to 10.4.1, consider changing the permissions of the system cache folder and Dashboard system widgets to prevent world- and group-writable access as a temporary workaround.

**Name of the Vulnerable Software and Affected Versions** Mac OS X versions prior to 10.3.8 **Description** The issue concerns world-writable permissions for certain directories, potentially allowing local users to gain privileges. This could be achieved through the receipt cache or ColorSync profiles. **Recommendations** For Mac OS X versions prior to 10.3.8, update to version 10.3.8 or later to resolve the issue.