Vulnerability Description
The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of osascript to send Apple events to the launchd daemon, a related issue to CVE-2008-7303.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Mac Os X | 10.5.0 |
Related Weaknesses (CWE)
References
- http://www.coresecurity.com/content/apple-osx-sandbox-bypassExploit
- http://www.securityfocus.com/archive/1/520479/100/100/threaded
- http://www.coresecurity.com/content/apple-osx-sandbox-bypassExploit
- http://www.securityfocus.com/archive/1/520479/100/100/threaded
FAQ
What is CVE-2011-1516?
CVE-2011-1516 is a vulnerability with a CVSS score of 7.6 (HIGH). The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to acc...
How severe is CVE-2011-1516?
CVE-2011-1516 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-1516?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Mac Os X.