PT-2007-6809 · Apple · Corefoundation+1
Published
2007-12-19
·
Updated
2017-07-29
·
CVE-2007-5847
CVSS v2.0
6.6
Medium
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:N |
Name of the Vulnerable Software and Affected Versions
Core Foundation in Apple Mac OS X version 10.4.11
Description
A race condition in the CFURLWriteDataAndPropertiesToResource API creates files with insecure permissions, potentially allowing local users to obtain sensitive information.
Recommendations
For Mac OS X 10.4.11, consider restricting access to sensitive files and directories to minimize the risk of exploitation until a patch is available.
Fix
Race Condition
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Corefoundation
Macos X