Vulnerabilities > CVE-2006-1444 - Multiple vulnerability in Apple mac OS X 10.4.6
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
CoreGraphics in Apple Mac OS X 10.4.6, when "Enable access for assistive devices" is on, allows an application to bypass restrictions for secure event input and read certain events from other applications in the same window session by using Quartz Event Services. Successful exploitation requires that "Enable access for assistive devices" is on. This vulnerability is addressed in the following product release: Apple, Mac OS X, 10.4.6 (2006-003)
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 1 |
Nessus
NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_SECUPD2006-003.NASL |
description | The remote host is running Apple Mac OS X, but lacks Security Update 2006-003. This security update contains fixes for the following applications : AppKit ImageIO BOM CFNetwork ClamAV (Mac OS X Server only) CoreFoundation CoreGraphics Finder FTPServer Flash Player KeyCHain LaunchServices libcurl Mail MySQL Manager (Mac OS X Server only) Preview QuickDraw QuickTime Streaming Server Ruby Safari |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21341 |
published | 2006-05-12 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/21341 |
title | Mac OS X Multiple Vulnerabilities (Security Update 2006-003) |
code |
|
References
- http://lists.apple.com/archives/security-announce/2006/May/msg00003.html
- http://secunia.com/advisories/20077
- http://securitytracker.com/id?1016079
- http://www.osvdb.org/25588
- http://www.securityfocus.com/bid/17951
- http://www.us-cert.gov/cas/techalerts/TA06-132A.html
- http://www.vupen.com/english/advisories/2006/1779
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26409