Apple patch overlooks Mac OS X 10.3

By
Follow google news

Older version of OS left open to local privilege escalation.

Apple patch overlooks Mac OS X 10.3
Apple's OS X 10.3 continues to suffer from a security vulnerability which the vendor repaired on newer versions of the operating system last Friday, a posting on the milw0rm security exploit site has warned. 

The flaw is identified as CVE-2006-4392. It affects the Mach exception ports which handle kernel errors in OS X.

A malicious user with access to a system could use the flaw to execute unauthorised code in privileged programs. This effectively provides attackers with root access, allowing them to install applications and change system settings.

Apple released a patch on Friday that repairs 15 vulnerabilities in OS X 10.4. But it fails to address the Mach vulnerability in OS X 10.3, according to the milw0rm posting.

The posting also provides code demonstrating how to exploit the vulnerability.

Because exploiting the flaw requires access to a system, it primarily concerns shared systems in schools and libraries, for instance, as well as users who provide guest accounts over the internet.

Apple had not responded to requests for comment at the time of going to press.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
applemacospatchsecurityx

Sponsored Whitepapers

2026 Engineering Reality Report
2026 Engineering Reality Report
How Kraft Heinz Transformed Planning with AI & 5 M+ Data Sets
How Kraft Heinz Transformed Planning with AI & 5 M+ Data Sets
Defend Your Network from the Next Generation of AI Threats
Defend Your Network from the Next Generation of AI Threats
Optus Enterprise Mobility
Optus Enterprise Mobility
Life After VMware: Scale Securely with mCloud by Micron21
Life After VMware: Scale Securely with mCloud by Micron21

Events

Most Read Articles

The BoM has finally tamed SSL

The BoM has finally tamed SSL
Australian chief at US defence contractor L3Harris sold exploits to Russia

Australian chief at US defence contractor L3Harris sold exploits to Russia
Scores of Australian Cisco devices remain BADCANDY infected

Scores of Australian Cisco devices remain BADCANDY infected
Tasmanian gov agencies impacted by cyber attack

Tasmanian gov agencies impacted by cyber attack
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?