Eric Hall

**Name of the Vulnerable Software and Affected Versions** Apple iTunes versions prior to 8.0 on Mac OS X 10.4.11 **Description** The issue presents misleading information about firewall security when iTunes Music Sharing is enabled but blocked by the host-based firewall. This might allow remote attackers to leverage an exposure that would be absent if the administrator were given better information. **Recommendations** For Apple iTunes versions prior to 8.0 on Mac OS X 10.4.11, update to version 8.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mac OS X versions 10.4.2 and earlier **Description** The issue concerns Keychain Access in Mac OS X, where a password remains visible even after a keychain times out while the password is being viewed. This could allow attackers with physical access to obtain the password. **Recommendations** For Mac OS X versions 10.4.2 and earlier, update to a version later than 10.4.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mac OS X versions prior to 10.3.8 **Description** The issue concerns world-writable permissions for certain directories, potentially allowing local users to gain privileges. This could be achieved through the receipt cache or ColorSync profiles. **Recommendations** For Mac OS X versions prior to 10.3.8, update to version 10.3.8 or later to resolve the issue.