Main Vulnerability Database SB2012051104

SB2012051104 - Race condition in Apple MAC OS X

Published: May 11, 2012 Updated: August 11, 2020

Security Bulletin ID SB2012051104

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Race condition (CVE-ID: CVE-2012-0656)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Race condition in LoginUIFramework in Apple Mac OS X 10.7.x before 10.7.4, when the Guest account is enabled, allows physically proximate attackers to login to arbitrary accounts by entering the account name and no password.

Remediation

Install update from vendor's website.

References

http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://support.apple.com/kb/HT5281
http://www.securityfocus.com/bid/53445
http://www.securityfocus.com/bid/53459