Vulnerabilities > CVE-2012-0652 - Information Exposure vulnerability in Apple mac OS X 10.7.3

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows local users to obtain sensitive information by reading the log.

Vulnerable Configurations

Part Description Count
OS
Apple
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_7_4.NASL
    descriptionThe remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.4. The newer version contains numerous security-related fixes for the following components : - Login Window - Bluetooth - curl - HFS - Kernel - libarchive - libsecurity - libxml - LoginUIFramework - PHP - Quartz Composer - QuickTime - Ruby - Security Framework - Time Machine - X11 Note that this update addresses the recent FileVault password vulnerability, in which user passwords are stored in plaintext to a system-wide debug log if the legacy version of FileVault is used to encrypt user directories after a system upgrade to Lion. Since the patch only limits further exposure, though, we recommend that all users on the system change their passwords if user folders were encrypted using the legacy version of FileVault prior to and after an upgrade to OS X 10.7.
    last seen2020-06-01
    modified2020-06-02
    plugin id59066
    published2012-05-10
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59066
    titleMac OS X 10.7.x < 10.7.4 Multiple Vulnerabilities (BEAST)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    if (!defined_func("bn_random")) exit(0);
    if (NASL_LEVEL < 3000) exit(0);    # Avoid problems with large number of xrefs.
    
    
    include("compat.inc");
    
    
    if (description)
    {
      script_id(59066);
      script_version("1.27");
      script_cvs_date("Date: 2018/07/16 12:48:31");
    
      script_cve_id(
        "CVE-2011-1004",
        "CVE-2011-1005",
        "CVE-2011-1777",
        "CVE-2011-1778",
        "CVE-2011-1944",
        "CVE-2011-2821",
        "CVE-2011-2834",
        "CVE-2011-2895",
        "CVE-2011-3212",
        "CVE-2011-3389",
        "CVE-2011-3919",
        "CVE-2011-4566",
        "CVE-2011-4815",
        "CVE-2011-4885",
        "CVE-2012-0036",
        "CVE-2012-0642",
        "CVE-2012-0649",
        "CVE-2012-0652",
        "CVE-2012-0654",
        "CVE-2012-0655",
        "CVE-2012-0656",
        "CVE-2012-0657",
        "CVE-2012-0658",
        "CVE-2012-0659",
        "CVE-2012-0660",
        "CVE-2012-0661",
        "CVE-2012-0662",
        "CVE-2012-0675",
        "CVE-2012-0830"
      );
      script_bugtraq_id(
        46458,
        46460,
        47737,
        48056,
        49124,
        49279,
        49658,
        49778,
        50907,
        51193,
        51198,
        51300,
        51665,
        51830,
        52364,
        53456,
        53457,
        53459,
        53462,
        53465,
        53466,
        53467,
        53468,
        53469,
        53470,
        53471,
        53473
      );
      script_xref(name:"TRA", value:"TRA-2012-02");
      script_xref(name:"CERT", value:"864643");
      script_xref(name:"ZDI", value:"ZDI-12-135");
    
      script_name(english:"Mac OS X 10.7.x < 10.7.4 Multiple Vulnerabilities (BEAST)");
      script_summary(english:"Check the version of Mac OS X.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote host is missing a Mac OS X update that fixes several
    security issues."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is running a version of Mac OS X 10.7.x that is prior
    to 10.7.4. The newer version contains numerous security-related fixes
    for the following components :
    
      - Login Window
      - Bluetooth
      - curl
      - HFS
      - Kernel
      - libarchive
      - libsecurity
      - libxml
      - LoginUIFramework
      - PHP
      - Quartz Composer
      - QuickTime
      - Ruby
      - Security Framework
      - Time Machine
      - X11
    
    Note that this update addresses the recent FileVault password
    vulnerability, in which user passwords are stored in plaintext to a
    system-wide debug log if the legacy version of FileVault is used to
    encrypt user directories after a system upgrade to Lion. Since the
    patch only limits further exposure, though, we recommend that all
    users on the system change their passwords if user folders were
    encrypted using the legacy version of FileVault prior to and after an
    upgrade to OS X 10.7."
      );
      script_set_attribute(attribute:"see_also", value:"https://www.tenable.com/security/research/tra-2012-02");
      script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT5281");
      script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2012/May/msg00001.html");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-12-135");
      script_set_attribute(attribute:"see_also", value:"http://seclists.org/fulldisclosure/2012/Aug/64");
      script_set_attribute(attribute:"see_also", value:"https://www.imperialviolet.org/2011/09/23/chromeandbeast.html");
      script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/~bodo/tls-cbc.txt");
      script_set_attribute(
        attribute:"solution", 
        value:"Upgrade to Mac OS X 10.7.4 or later."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/02/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/05/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/05/10");
    
      script_set_attribute(attribute:"plugin_type", value:"combined");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_end_attributes();
     
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
     
      script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl");
    
      exit(0);
    }
    
    os = get_kb_item("Host/MacOSX/Version");
    if (!os)
    {
      os = get_kb_item("Host/OS");
      if (isnull(os)) exit(0, "The 'Host/OS' KB item is missing.");
      if ("Mac OS X" >!< os) exit(0, "The host does not appear to be running Mac OS X.");
    
      c = get_kb_item("Host/OS/Confidence");
      if (c <= 70) exit(1, "Can't determine the host's OS with sufficient confidence.");
    }
    if (!os) exit(0, "The host does not appear to be running Mac OS X.");
    
    
    if (ereg(pattern:"Mac OS X 10\.7($|\.[0-3]([^0-9]|$))", string:os)) security_hole(0);
    else exit(0, "The host is not affected as it is running "+os+".");
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FILEVAULT_LOG_INFO_LEAK.NASL
    descriptionPlaintext passwords were discovered in a system log file. Mac OS X Lion release 10.7.3 enabled a debug logging feature that causes plaintext passwords to be logged to /var/log/secure.log on systems that use certain FileVault configurations. A local attacker in the admin group or an attacker with physical access to the host could exploit this to get user passwords, which could be used to gain access to encrypted partitions.
    last seen2020-03-18
    modified2012-05-14
    plugin id59090
    published2012-05-14
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59090
    titleMac OS X FileVault Plaintext Password Logging
    code
    #TRUSTED b09d73673511ae5e354fab9d6aa3841c1a23781b17d04e39cc37fe011b830a07a60da805988ac34a05baf0a2d37ddcf59ba9e70feaf1e082d722903ba1185edd4d50cf70628e0fbaa32ced0a7017f11b1e4e20aceed86a1da9080d0e9dd575ce4d4789cb5a823253e5a3a5c27948a2b585936993285d95d8c33255d92c8bb83aabcd83db1b80438ac9686b3e2f71c61040eaa7fad21886e5ca5810433fcc426d0efd86763ae2572bacb0875b3fe0453b993788cef9441158d22c9602e5c1fc90fb79049ad1fddcdf33b60ccd645f2d31fb483af19ff834a3b45c36c34174f1419ada49f1183050f1ebc3e16c996037eb7731136e07d59fe4bd0d5606641b8133c8e0250e6c49d0163b736512a3028f118713a8f36028a14073d3f589c3c14913c00a1b6f52f77484bb670559b96691ec9f859f8d77b84a84e2a52692adeba5835a8d8166bb32cf9b854a906996d7e081fe0c8249d79e598bca04977c0acfc1f2c52637647c01196f42bec429fa78e3f8bb912a830560a8d136af441d7c752ccdd4afa81b0ed4d849761196fe15d4cd20de09c889b4831304dab3eebc3d853cce61602ad3a98c3fb61f9056aafe10df1e791f6acfe28434221cdc8a367ef0d26f052b3d51d4dad4bef59c6e8c3765b612f4a010ac86fdf491db9a199548f8a4783334729927b49f9c907f231984984c0b2f9561b907dc02b8187d15e7d7deba22
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    
    if (description)
    {
      script_id(59090);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2018/07/14");
    
      script_cve_id("CVE-2012-0652");
      script_bugtraq_id(53402);
    
      script_name(english:"Mac OS X FileVault Plaintext Password Logging");
      script_summary(english:"Checks secure.log files for plaintext passwords");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Mac OS X host logs passwords in plaintext."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Plaintext passwords were discovered in a system log file.  Mac OS X
    Lion release 10.7.3 enabled a debug logging feature that causes
    plaintext passwords to be logged to /var/log/secure.log on systems
    that use certain FileVault configurations.  A local attacker in the
    admin group or an attacker with physical access to the host could
    exploit this to get user passwords, which could be used to gain access
    to encrypted partitions."
      );
      script_set_attribute(attribute:"see_also",value:"https://discussions.apple.com/thread/3715366");
      script_set_attribute(attribute:"see_also",value:"https://discussions.apple.com/thread/3872437");
      script_set_attribute(attribute:"see_also",value:"http://cryptome.org/2012/05/apple-filevault-hole.htm");
      script_set_attribute(attribute:"see_also",value:"http://support.apple.com/kb/HT5281");
      script_set_attribute(attribute:"see_also",value:"http://support.apple.com/kb/TS4272");
      script_set_attribute(
        attribute:"solution",
        value:
    "Upgrade to Mac OS X 10.7.4 or later and securely remove log files
    that contain plaintext passwords (refer to article TS4272)."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date",value:"2012/02/06");
      script_set_attribute(attribute:"patch_publication_date",value:"2012/05/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/05/14");
    
      script_set_attribute(attribute:"plugin_type",value:"local");
      script_set_attribute(attribute:"cpe",value:"cpe:/o:apple:mac_os_x");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version");
    
      exit(0);
    }
    
    include("global_settings.inc");
    include("misc_func.inc");
    include("ssh_func.inc");
    include("macosx_func.inc");
    include("audit.inc");
    
    
    if(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)
      enable_ssh_wrappers();
    else disable_ssh_wrappers();
    
    get_kb_item_or_exit("Host/local_checks_enabled");
    ver = get_kb_item_or_exit("Host/MacOSX/Version");
    
    match = eregmatch(string:ver, pattern:'([0-9.]+)');
    ver = match[1];
    
    # the vulnerability was introduced in 10.7.3
    if (ver_compare(ver:ver, fix:'10.7.3', strict:FALSE) < 0)
      audit(AUDIT_HOST_NOT, 'Mac OS X >= 10.7.3');
    
    cmd = "/usr/bin/bzgrep ': DEBUGLOG |.*, password[^ ]* =' /var/log/secure.log* 2> /dev/null";
    output = exec_cmd(cmd:cmd);
    if (!strlen(output))
      audit(AUDIT_HOST_NOT, 'affected');
    
    credentials = make_array();
    
    foreach line (split(output, sep:'\n', keep:FALSE))
    {
      # this might be asking for trouble because it's unclear how the logger handles things like passwords with ', '
      # in them. at worst, all that should happen is the last character of the password will be reported incorrectly
      logdata = strstr(line, ' | about to call ');
      fields = split(logdata, sep:', ', keep:FALSE);
      user = NULL;
      pass = NULL;
    
      foreach field (fields)
      {
        usermatch = eregmatch(string:field, pattern:'name = (.+)');
        if (isnull(usermatch))
          usermatch = eregmatch(string:field, pattern:'= /Users/([^/]+)');
        if (!isnull(usermatch))
          user = usermatch[1];
    
        passmatch = eregmatch(string:field, pattern:'password(AsUTF8String)? = (.+)');
        if (!isnull(passmatch))
        {
          pass = passmatch[2];
          pass = pass[0] + '******' + pass[strlen(pass) - 1];
        }
      }
    
      if (!isnull(user) && !isnull(pass))
        credentials[user] = pass;
    }
    
    if (max_index(keys(credentials)) == 0)
      audit(AUDIT_HOST_NOT, 'affected');
    
    report =
      '\nNessus discovered plaintext passwords by running the following command :\n\n' +
      cmd + '\n' +
      '\nThe following usernames and passwords were extracted (note' +
      '\nthat any passwords displayed have been partially obfuscated) :\n';
    
    foreach user (sort(keys(credentials)))
    {
      report +=
        '\n  Username : ' + user +
        '\n  Password : ' + credentials[user] + '\n';
    }
    
    security_note(port:0, extra:report);
    
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_7_5.NASL
    descriptionThe remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.5. The newer version contains multiple security-related fixes for the following components : - Apache - BIND - CoreText - Data Security - ImageIO - Installer - International Components for Unicode - Kernel - Mail - PHP - Profile Manager - QuickLook - QuickTime - Ruby - USB
    last seen2020-06-01
    modified2020-06-02
    plugin id62214
    published2012-09-20
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/62214
    titleMac OS X 10.7.x < 10.7.5 Multiple Vulnerabilities (BEAST)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(62214);
      script_version("1.23");
      script_cvs_date("Date: 2018/07/16 12:48:31");
    
      script_cve_id(
        "CVE-2011-3026",
        "CVE-2011-3048",
        "CVE-2011-3368",
        "CVE-2011-3389",
        "CVE-2011-3607",
        "CVE-2011-4313",
        "CVE-2011-4317",
        "CVE-2011-4599",
        "CVE-2012-0021",
        "CVE-2012-0031",
        "CVE-2012-0053",
        "CVE-2012-0643",
        "CVE-2012-0652",
        "CVE-2012-0668",
        "CVE-2012-0670",
        "CVE-2012-0671",
        "CVE-2012-0831",
        "CVE-2012-1172",
        "CVE-2012-1173",
        "CVE-2012-1667",
        "CVE-2012-1823",
        "CVE-2012-2143",
        "CVE-2012-2311",
        "CVE-2012-2386",
        "CVE-2012-2688",
        "CVE-2012-3716",
        "CVE-2012-3719",
        "CVE-2012-3721",
        "CVE-2012-3722",
        "CVE-2012-3723"
      );
      script_bugtraq_id(
        47545,
        49778,
        49957,
        50494,
        50690,
        50802,
        51006,
        51407,
        51705,
        51706,
        51954,
        52049,
        52364,
        52830,
        52891,
        53388,
        53403,
        53445,
        53457,
        53579,
        53582,
        53584,
        53729,
        53772,
        54638,
        56241,
        56244,
        56246,
        56247
      );
      script_xref(name:"CERT", value:"864643");
    
      script_name(english:"Mac OS X 10.7.x < 10.7.5 Multiple Vulnerabilities (BEAST)");
      script_summary(english:"Check the version of Mac OS X.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote host is missing a Mac OS X update that fixes multiple
    security vulnerabilities."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is running a version of Mac OS X 10.7.x that is prior
    to 10.7.5. The newer version contains multiple security-related fixes
    for the following components :
    
      - Apache
      - BIND
      - CoreText
      - Data Security
      - ImageIO
      - Installer
      - International Components for Unicode
      - Kernel
      - Mail
      - PHP
      - Profile Manager
      - QuickLook
      - QuickTime
      - Ruby
      - USB"
      );
      script_set_attribute(attribute:"see_also", value:"http://seclists.org/bugtraq/2012/Sep/94");
      script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT5501");
      script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html");
      script_set_attribute(attribute:"see_also", value:"https://www.imperialviolet.org/2011/09/23/chromeandbeast.html");
      script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/~bodo/tls-cbc.txt");
      script_set_attribute(attribute:"solution", value:"Upgrade to Mac OS X 10.7.5 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'PHP CGI Argument Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/07/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/09/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/20");
    
      script_set_attribute(attribute:"plugin_type", value:"combined");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_end_attributes();
     
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
     
      script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    os = get_kb_item("Host/MacOSX/Version");
    if (!os)
    {
      os = get_kb_item_or_exit("Host/OS");
      if ("Mac OS X" >!< os) audit(AUDIT_OS_NOT, "Mac OS X");
    
      c = get_kb_item("Host/OS/Confidence");
      if (c <= 70) exit(1, "Can't determine the host's OS with sufficient confidence.");
    }
    if (!os) audit(AUDIT_OS_NOT, "Mac OS X");
    
    if (ereg(pattern:"Mac OS X 10\.7($|\.[0-4]([^0-9]|$))", string:os)) security_hole(0);
    else exit(0, "The host is not affected as it is running "+os+".");
    

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 53457 CVE ID: CVE-2012-0652 OS X Lion Server 内含一组应用软件,可将任意一台Mac 变成功能强大的服务器。Mac OS是一套运行于苹果的Macintosh系列电脑上的操作系统。 Apple Mac OS X在实现上存在本地安全限制绕过漏洞,攻击者可利用此漏洞绕过某些安全限制并获取敏感账户信息。 0 Apple Mac OS X 10.7.x Apple MacOS X Server 10.7.x 厂商补丁: Apple ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://support.apple.com/
idSSV:60128
last seen2017-11-19
modified2012-05-15
published2012-05-15
reporterRoot
titleApple Mac OS X本地安全限制绕过漏洞