PT-2006-2450 · Apple · Corefoundation+1
Published
2006-05-12
·
Updated
2017-07-20
·
CVE-2006-1442
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
CoreFoundation in Apple Mac OS X versions 10.3.9 through 10.4.6
Description
The issue allows attackers to execute arbitrary code from an untrusted bundle due to the bundle API in CoreFoundation loading dynamic libraries even if the client application has not directly requested it.
Recommendations
For CoreFoundation in Apple Mac OS X versions 10.3.9 through 10.4.6, consider restricting the loading of dynamic libraries to only those that are explicitly requested by the client application as a temporary workaround until a patch is available.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Corefoundation
Macos X