Description
Install Helper in Installer in Apple Mac OS X before 10.6.7 does not properly process an unspecified URL, which might allow remote attackers to track user logins by logging network traffic from an agent that was intended to send network traffic to an Apple server.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4581
Patch, Vendor Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
Scores
EPSS
0.0128
EPSS Percentile
66.7%
Details
CWE
CWE-20
Status
published
Products (15)
apple/installer
apple/mac_os_x
10.6.0
apple/mac_os_x
10.6.1
apple/mac_os_x
10.6.2
apple/mac_os_x
10.6.3
apple/mac_os_x
10.6.4
apple/mac_os_x
10.6.5
apple/mac_os_x
10.6.6
apple/mac_os_x_server
10.6.0
apple/mac_os_x_server
10.6.1
... and 5 more
Published
Mar 23, 2011
Tracked Since
Feb 18, 2026