Apple Installer fails to properly handle package filename strings. It's a affected by a typical format string vulnerability, which can lead to a denial of service condition or arbitrary code execution.
Further information:
- Apple Installer Package Filename Format String Vulnerability
- Petition Online: Assure OSX authentication dialog box authenticity
- Petition Online: Remove all admin->root authorization prompts from OSX
Also, many thanks to an anonymous supporter for donating to the project. We are at $568.73 USD now. We would like to note also that we don't endorse any actions taken against anyone who openly criticizes or disagrees with the project. Let's keep out of personal attacks, they don't bring anything interesting to the playground, and after all, there are plenty of ways to poke fun out of someone without resorting to dirty tricks. For instance, give a exploit a good use.
0 comments:
Post a Comment