CVE-2011-1516

The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of osascript to send Apple events to the launchd daemon, a related issue to CVE-2008-7303.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
applemac_os_x
10.5.0
applemac_os_x
10.5.1
applemac_os_x
10.5.2
applemac_os_x
10.5.3
applemac_os_x
10.5.4
applemac_os_x
10.5.5
applemac_os_x
10.5.6
applemac_os_x
10.5.7
applemac_os_x
10.5.8
applemac_os_x
10.6.0
applemac_os_x
10.6.1
applemac_os_x
10.6.2
applemac_os_x
10.6.3
applemac_os_x
10.6.4
applemac_os_x
10.6.5
applemac_os_x
10.6.6
applemac_os_x
10.6.7
applemac_os_x
10.6.8
applemac_os_x
10.7.0
applemac_os_x
10.7.1
applemac_os_x
10.7.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.coresecurity.com/content/apple-osx-sandbox-bypass
http://www.securityfocus.com/archive/1/520479/100/100/threaded
http://www.coresecurity.com/content/apple-osx-sandbox-bypass
http://www.securityfocus.com/archive/1/520479/100/100/threaded