Security Issue: Mac OS X Screensaver Password Protection Bug Systems Vulnerable: Mac OS X 10.2.6 and prior Date Fixed: TBA Apple’s Mac OS X screensaver apparently contains a buffer overflow vulnerability that causes the screensaver to dump not requiring the user to enter a legitimate…
July 7, 2003 • 1 min readComputers running Mac OS X prior to 10.2.4 and unpatched contain a vulnerability that can be exploited to create files that can be run at elevated privileges because of the TruBlueEnvironment. Included is the security advisory covering the issue discovered by @Stake’s Dave. For those…
February 11, 2003 • 3 min readResolution The issue described below was addressed and take resolved by Apple July 12th 2002 by adding checksums to downloads. Update to current version of Mac OS X via the software updates or visit AppleCare Document 75304 Information Anonymous writes “I have recently been forwarded…
July 6, 2002 • 2 min readAbout Cisco VPN Client The Cisco VPN (Virtual Private Network) Client establishes an encrypted tunnel between a local system and a Cisco VPN Concentrator. The tunnel provides confidentiality and integrity for the data in transit, allowing a user on the local system to securely connect…
June 4, 2002 • 4 min readPublished: 5.07.2002 Fixed: Mac OS X 10.1.4 Effected OS: Mac OS X 10.1.3 and prior) Information The problems lies within the file /usr/sbin/sliplogin (sliplogin) bundled with versions of Mac OS X prior to 10.1.4 due to the permissions defined and a buffer overflow. The system…
May 7, 2002 • 2 min readToday it was discovered in Mac OS X 10.1.4 (Not tested with prior versions yet) with multiple users I have stumbled across a rather large security hole when AppleSharing between a Mac OS 9.2.2 box and a Mac OS X box running v.10.1.4. If a…
May 4, 2002 • 2 min readThe folks at BSD-H have found a flaw that offers anyone in the admin group the ability to achieve root access via sudo. For those of you new to Mac OS X and the whole Unix environment do not get frustrated, this article will enlighten…
February 7, 2002 • 4 min readFix: Use the Software Update feature in Mac OS X to resolve the issues with WebDAV security issues. Security Advisory: Apple’s Mac OS X iDisk WebDAV vulnerability Open Door Networks recently discovered that Apple’s iDisk under Mac OS X 10.1 wasn’t properly written to WebDAV…
October 6, 2001 • 2 min readOperating System: Max OS X Version Affected: up to 10.1 Security Risk: High Remote: No Fixed: 10.20.2001 see below About Mac OS X over the past few months have started to spout security concerns, this being one of the first most publicized attacks on the…
October 2, 2001 • 3 min readWhat is nidump? nidump reads the specified NetInfo domain and dumps a por- tion of its contents to standard output. When a flat-file administration file format is specified, nidump provides output using the syntax of the corresponding flat file. The allowed values for format…
July 5, 2001 • 2 min readInformation: This concerns Macs connected to NT servers using Service Pack 4. If a Mac changes its password when connected to NT SP4, from that point on, PCs can log into that user account with NO password (a null password.) – contributed by John Wolf…
June 2, 2001 • 3 min readA fatal bug in MacOS X Server renders Apple’s new operating system practically useless as a web server. The problem is particularly critical since it affects MacOS Server X release 1.0 in one of its key features. During a server load test at c’t Labs,…
June 2, 2001 • 2 min read