OSVDB ID: 70690

Title: Apple Mac OS X USB Human Interface Device Functionality Warning Weakness Arbitrary Program Execution

Info

Disclosure

Jan 19, 2011

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Apple Mac OS X fails to warn the user before enabling additional Human Interface Device functionality over USB. This may allow a context-dependent attacker to use crafted USB data, such as from a smartphone, to execute arbitrary programs.

Classification

Location: Local / Remote, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

Apple Inc.

Mac OS X

Unspecified

References

CVE ID: 2011-0639 (see also: NVD)
Related OSVDB ID: 70689 70691
Other Advisory URL: http://news.cnet.com/8301-27080_3-20028919-245.html
http://www.blackhat.com/html/bh-dc-11/bh-dc-11-briefings.html#Stavrou
http://www.cs.gmu.edu/~astavrou/publications.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/70690