Vulnerability: TruBlueEnvironment

Part of the MacOS Classic Emulator, TruBlueEnvironment is setuid root and installed by default. By setting certain environment variables, it is possible to overwrite any file on the system, or create arbitrary files owned as root with the attacker's umask. This vulnerability can be leveraged to create files that will get executed by root through the cron facility.

It is recommended to upgrade to Mac OS X 10.2.4.

For details, click here.

Join the newsletter!

Error: Please check your email address.

More about AtStake

Show Comments