[<prev] [next>] [day] [month] [year] [list]
Message-ID: <003001cb492a$571f8a50$055e9ef0$@us>
Date: Tue, 31 Aug 2010 12:34:09 -0400
From: "Jonathan Kamens" <jik@...ens.us>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Mac OS X Mail parental controls vulnerability
The parental controls built into the Mac OS X Mail client can be easily
bypassed by anyone who knows the email address of the child and his/her
parent. The Mail client can be fooled into adding any address to the child's
whitelist (i.e., the list of addresses with whom the child is allowed to
correspond), as if the parent had approved the address, without his/her
knowledge or consent. This vulnerability can be taken advantage of by the
child or by any third party anywhere on the Internet.
I have reported this vulnerability to Apple, and they have declined to
assign a CVE ID for it, disclose it to the public, or indicate a time-line
for when it will be disclosed or fixed.
For more information:
http://blog.kamens.us/2010/08/03/mac-os-x-mail-parental-controls-vulnerabili
ty/
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists