CVE-2010-0545
First published: Thu Jun 17 2010(Updated: )
The Finder in DesktopServices in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, does not set the expected file ownerships during an "Apply to enclosed items" action, which allows local users to bypass intended access restrictions via normal filesystem operations.
Credit: product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS and macOS | =10.5.8 | |
| Apple macOS Server | =10.5.8 | |
| Apple macOS Server | =10.6.3 | |
| Apple iOS and macOS | =10.6.3 | |
| Apple macOS Server | =10.6.1 | |
| Apple macOS Server | =10.6.2 | |
| Apple iOS and macOS | =10.6.1 | |
| Apple macOS Server | =10.6.0 | |
| Apple iOS and macOS | =10.6.0 | |
| Apple iOS and macOS | =10.6.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/apple
- canonical/apple ios and macos
- version/apple ios and macos/10.5.8
- canonical/apple macos server
- version/apple macos server/10.5.8
- version/apple macos server/10.6.3
- version/apple ios and macos/10.6.3
- version/apple macos server/10.6.1
- version/apple macos server/10.6.2
- version/apple ios and macos/10.6.1
- version/apple macos server/10.6.0
- version/apple ios and macos/10.6.0
- version/apple ios and macos/10.6.2