Wednesday, May 9, 2012

Apple fixes CVE-2012-0649 and CVE-2012-0657 in Mac OS X v10.7.4

In today's security update, Apple fixed two issues I reported. Here are some additional details on those issues. For Apple's official advisory, see http://support.apple.com/kb/HT5281

• CVE-2012-0649

Impact: A local user may be able to execute arbitrary code with system privileges
Description: A temporary file race condition issue existed in blued's initialization routine.

Additional detail: The file in question is "/tmp/com.apple.Bluetooth.plist", which was created shortly after boot and potentially under other circumstances. Under certain circumstances, a local attacker could target the creation or writing of this file with standard file race techniques to create or clobber files.
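The bug class described above, shown as an added example (not code from blued, Apple, or this post): a writer that trusts a fixed name in a shared directory, beside one that refuses any pre-existing entry. The function names, the scratch directory and the file contents are constructed for illustration.

```c
#define _XOPEN_SOURCE 700 /* expose mkdtemp, symlink, O_NOFOLLOW on glibc */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Risky pattern: a pre-existing symlink at `path` is followed and its target truncated. */
int write_naive(const char *path, const char *data) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n == (ssize_t)strlen(data) ? 0 : -1;
}

/* Hardened: fail if anything already exists at `path`, then verify the new file. */
int write_exclusive(const char *path, const char *data) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1; /* EEXIST when a file or symlink is already there */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_nlink != 1 || st.st_uid != geteuid()) {
        close(fd);
        return -1;
    }
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n == (ssize_t)strlen(data) ? 0 : -1;
}

/* Constructed scenario: the name is already a symlink to another file.
 * Returns that file's size after the chosen writer has run. */
long target_size_after(int hardened) {
    char dir[] = "/tmp/racedemo.XXXXXX", target[64], name[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(name, sizeof name, "%s/example.plist", dir);
    if (write_exclusive(target, "keep") != 0 || symlink(target, name) != 0) return -1;
    (hardened ? write_exclusive : write_naive)(name, "overwritten!");
    long size = stat(target, &st) == 0 ? (long)st.st_size : -1;
    unlink(name); unlink(target); rmdir(dir);
    return size;
}
int main(void) {
    printf("hardened: %ld, naive: %ld\n", target_size_after(1), target_size_after(0));
    return 0;
}
```

A privileged writer is better served by a directory only it can write to; `O_EXCL` on a fixed name in a shared directory still lets another local user block the write by creating the name first.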

• CVE-2012-0657

Impact: A user with physical access to the computer may be able to cause Safari to launch if the screen is locked and the RSS Visualizer screen saver is used
Description: An access control issue existed in Quartz Composer's handling of screen savers. This issue is addressed through improved checking for whether or not the screen is locked.

Additional detail: The original finder of this bug is Jay Craft of GrooVault Entertainment, LLC. That is to say, when this bug was originally found and fixed, this was the original reporter. My work in finding this bug was merely to retest the issue once Lion was released. I noticed his issue was once again present. The description was defined as CAN-2005-2515 and is listed in http://support.apple.com/kb/TA23465?viewlocale=en_US&locale=en_US

Thanks to the Apple Product Security team for addressing both issues.