Security Update 2005-007 just popped up on my Software Update. (I'm sill on 10.3.x not 10.4)
Reading the notes, this caught my attention:Security Update 2005-007 delivers a number of security enhancements and is recommended for all Macintosh users. This update includes the following components:
For detailed information on this Update, please visit this website: http://www.info.apple.com/kbnum/n61798
- loginwindow CVE-ID: CAN-2005-2509
Available for: Mac OS X v10.4.2, Mac OS X Server v10.4.2
Impact: A user can gain access to other logged-in accounts if Fast User Switching is enabled.
Description: An error in the handling of Fast User Switching can allow a local user who knows the password for two accounts to log into a third account without knowing the password. This update corrects the authentication error. This issue does not affect systems prior to Mac OS X 10.4. Credit to Sam McCandlish for reporting this issue.
- The CVE has not been updated yet, so I can't find any additional info. Anyone know what the deal with this is?