Secunia issues "less critical" OS X security alert
Secunia issues "less critical" OS X security alert
Security firm Secunia.com has issued an alert describing a security vulnerability in OS X -- deemed "less critical" (2 on a scale of 1 to 5, with 5 being the most dangerous) -- relating to the Internet Connect application. According to the alert:
- Description:
B-r00t has reported a vulnerability in Mac OS X, which can be exploited by malicious, local users to gain escalated privileges.
The problem is that "Internet Connect.app" creates the file "/tmp/ppp.log" in an insecure manner, which can be exploited via symlink attacks.
The vulnerability has been reported in Mac OS X 10.3.4 with "Internet Connect.app" version 1.3. Prior versions may also be affected.
Solution:
Remove "Internet Connect.app" from systems with untrusted users if it isn't needed.
Note that this vulnerability is mainly a concern in multi-user environments where one or more users aren't trusted/known. Most home users, and even multiple-user environments where all users are trustworthy, can safely ignore this security alert.
Resources
Computing Guides
Laptops
Desktops & Monitors
Computer Accessories
Photography
Tablets & E-Readers
3D Printers
Computing Coupons