Apple has issued a PackageKit update which solves existing vulnerabilities in Mac OS X versions 10.6 and later. The vulnerability in PackageKit’s distribution format strings can be used by attackers to cause application termination or arbitrary code execution.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
The vulnerability is usually exploited when Software Update checks for new updates. Apple claims to have addressed this issue through improved validation of distribution scripts. The update (CVE-2010-4013) is available for Mac OS X v10.6 through v10.6.5, Mac OS X Server v10.6 through v10.6.5.