Apple has issued a PackageKit update which solves existing vulnerabilities in Mac OS X versions 10.6 and later. The vulnerability in PackageKit’s distribution format strings can be used by attackers to cause application termination or arbitrary code execution.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
The vulnerability is usually exploited when Software Update checks for new updates. Apple claims to have addressed this issue through improved validation of distribution scripts. The update (CVE-2010-4013) is available for Mac OS X v10.6 through v10.6.5, Mac OS X Server v10.6 through v10.6.5.