Local Access Vulnerability in Apple Mac OS X Application Framework
CVE-2004-1081

Currently unrated

Key Information:

Vendor: Apple
Status: Quicktime Streaming Server; Darwin Streaming Server
Vendor: CVE Published:; 2 December 2004

What is CVE-2004-1081?

The Application Framework (AppKit) in Apple Mac OS X versions 10.2.8 and 10.3.6 fails to adequately restrict access to secure text input fields. This flaw allows local users to gain unauthorized access to keyboard inputs from other applications running within the same window session, potentially exposing sensitive information.

References

http://www.securityfocus.com/bid/11802

vdb-entryx_refsource_BID

http://secunia.com/advisories/13362/

third-party-advisoryx_refsource_SECUNIA

http://lists.apple.com/archives/security-announce/2004/De...

vendor-advisoryx_refsource_APPLE

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 2, 2004
Vulnerability Reserved
Nov 30, 2004