Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2011-1516

The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of osascript to send Apple events to the launchd daemon, a related issue to CVE-2008-7303.

Published

2011-11-15T18:55:01.637

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.6 (HIGH)

CVSSv2 Vector

AV:N/AC:H/Au:N/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: HIGH
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

4.9

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-264
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System apple mac_os_x 10.5.0 Yes
Operating System apple mac_os_x 10.5.1 Yes
Operating System apple mac_os_x 10.5.2 Yes
Operating System apple mac_os_x 10.5.3 Yes
Operating System apple mac_os_x 10.5.4 Yes
Operating System apple mac_os_x 10.5.5 Yes
Operating System apple mac_os_x 10.5.6 Yes
Operating System apple mac_os_x 10.5.7 Yes
Operating System apple mac_os_x 10.5.8 Yes
Operating System apple mac_os_x 10.6.0 Yes
Operating System apple mac_os_x 10.6.1 Yes
Operating System apple mac_os_x 10.6.2 Yes
Operating System apple mac_os_x 10.6.3 Yes
Operating System apple mac_os_x 10.6.4 Yes
Operating System apple mac_os_x 10.6.5 Yes
Operating System apple mac_os_x 10.6.6 Yes
Operating System apple mac_os_x 10.6.7 Yes
Operating System apple mac_os_x 10.6.8 Yes
Operating System apple mac_os_x 10.7.0 Yes
Operating System apple mac_os_x 10.7.1 Yes
Operating System apple mac_os_x 10.7.2 Yes
References