Sunday, January 28, 2007

MOAB-28-01-2007: Apple crashdump Privilege Escalation Vulnerability

crashdump follows symlinks within the /Library/Logs/CrashReporter/ directory, allowing admin-group users to execute arbitrary code and overwrite files with elevated privileges. Combined with a specially crafted Mach-O binary, this can be used to write a malicious crontab entry, which will run with root privileges.
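The symlink-following behaviour described above, as an added C example (not Apple's crashdump code and not part of the original advisory): a naive log writer beside one that refuses symlinks and checks what it opened. The function names, file names and temporary directory are constructed for the demo.

```c
/* Added example: constructed names and paths, not crashdump's source. */
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Naive writer: open() follows a symlink found at `path`. */
static int write_log_naive(const char *path, const char *msg) {
    int fd = open(path, O_WRONLY | O_CREAT | O_APPEND, 0644);
    if (fd < 0) return -1;
    ssize_t n = write(fd, msg, strlen(msg));
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Hardened writer: refuse a symlink, then verify the opened object. */
static int write_log_safe(const char *path, const char *msg) {
    int fd = open(path, O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW, 0644);
    if (fd < 0) return -1; /* ELOOP when the final component is a symlink */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);         /* not a plain file, or hard-linked elsewhere */
        return -1;
    }
    ssize_t n = write(fd, msg, strlen(msg));
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Returns the size of the symlink's target after one write attempt. */
long demo(int use_safe) {
    char dir[] = "/tmp/crashlog-demo-XXXXXX";
    char victim[256], lnk[256];
    if (!mkdtemp(dir)) return -2;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/app.crash.log", dir);
    int fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || close(fd) != 0 || symlink(victim, lnk) != 0) return -2;
    if (use_safe) write_log_safe(lnk, "crash report\n");
    else write_log_naive(lnk, "crash report\n");
    struct stat st;
    long size = stat(victim, &st) == 0 ? (long)st.st_size : -2;
    unlink(lnk); unlink(victim); rmdir(dir);
    return size;
}

int main(void) { printf("naive=%ld safe=%ld\n", demo(0), demo(1)); return 0; }
```

O_NOFOLLOW only covers the final path component, so a privileged writer also needs the log directory itself to be unwritable by less-privileged users.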

