CVE-2007-0023

Name of the Vulnerable Software and Affected Versions Mac OS X version 10.4.8

Description The issue allows local users to gain privileges via a malicious InputManager in the Library/InputManagers directory of a user's home directory. This occurs when the CFUserNotificationSendRequest function in UserNotificationCenter.app is used in combination with diskutil, and is executed when Cocoa applications attempt to notify the user.

Recommendations For Mac OS X version 10.4.8, consider restricting access to the CFUserNotificationSendRequest function in UserNotificationCenter.app to minimize the risk of exploitation. As a temporary workaround, avoid using the diskutil command in combination with Cocoa applications that utilize the UserNotificationCenter.app until a patch is available.