CVE-2008-7303Apple MAC OS X vulnerability

CWE-2644 documents2 sources
Severity
7.6HIGHNVD
EPSS
3.5%
top 12.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple MAC OS X
Timeline
PublishedNov 15
Latest updateMay 17

Description

The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of launchctl to trigger the launchd daemon's execution of a script file, a related issue to CVE-2011-1516.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages1 packages

NVDapple/mac_os_x21 versions+20

🔴Vulnerability Details

2
GHSA
GHSA-3hmw-9rrw-4ppp: The nonet and nointernet sandbox profiles in Apple Mac OS X 102022-05-17
GHSA
GHSA-vprf-3xmv-j9fj: The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 102022-05-14