VULNERABILITIES / FIXES - October 04, 2013
by Carol~ - 10/4/13 9:03 AM
Apple Mac OS X Directory Services Authentication Security Bypass Security Issue
Release Date : 2013-10-04
Criticality level : Less critical
Impact : Security Bypass
Where : Local system
Solution Status: Vendor Patch
Operating System: Apple Macintosh OS X
Apple has issued an update for Mac OS X, which fixes a security issue.
The security issue is caused due to an error when verifying authentication credentials within the Directory Services component and can be exploited to bypass the password validation and subsequently alter Directory Services records with system privileges.
The security issue is reported in versions 10.8 through 10.8.5 (Mountain Lion) without the Supplemental Update.
Apply the update when available (please see the vendor's advisory for details).
Provided and/or discovered by:
The vendor credits the rookies of 42.