CVE-2007-0345 — Apple MAC OS X vulnerability

2 documents2 sources

Severity

6.8MEDIUMNVD

EPSS

0.1%

top 75.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple MAC OS X

Timeline

PublishedJan 18

Latest updateMay 1

Description

The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain Access.app/Contents/Resources/kcproxy, and (3) ODBC Administrator.app/Contents/Resources/iodbcadmintool programs in /Applications/Utilities/ in Mac OS X 10.4.8 have weak permissions (writable by admin group), which allows local admin users to gain root privileges by modifying a program and then performing permissions repair via diskutil.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.1 | Impact: 10.0

Affected Packages1 packages

▶NVDapple/mac_os_x10.4.8

🔴Vulnerability Details

GHSA

GHSA-r3v6-qx7j-xr83: The (1) Activity Monitor↗2022-05-01

▶