Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-1516Apple MAC OS X vulnerability

CWE-2647 documents4 sources
Severity
7.6HIGHNVD
EPSS
3.5%
top 12.40%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apple MAC OS X
Timeline
PublishedNov 15
Latest updateMay 17

Description

The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of osascript to send Apple events to the launchd daemon, a related issue to CVE-2008-7303.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages1 packages

NVDapple/mac_os_x21 versions+20

🔴Vulnerability Details

2
GHSA
GHSA-3hmw-9rrw-4ppp: The nonet and nointernet sandbox profiles in Apple Mac OS X 102022-05-17
GHSA
GHSA-vprf-3xmv-j9fj: The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 102022-05-14

💥Exploits & PoCs

2
Exploit-DB
SAP NetWeaver Dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities2012-08-21
Exploit-DB
SAP NetWeaver Dispatcher - Multiple Vulnerabilities2012-05-09

💬Community

1
Bugzilla
CVE-2011-1142 Wireshark: Stack consumption vulnerability in BER dissector can cause DoS2011-03-03