Apple Mac OS X firmware password bypass
| macosx-firmware-password-bypass (25620) |  Medium Risk |
Description:
Apple Mac OS X running on Intel-based Macintosh systems could allow a local attacker to bypass the firmware password feature and gain Single User Mode access to the system.
Consequences:
Bypass Security
Remedy:
Apply the Mac OS X 10.4.6 Security Update, available from the Apple Web site. See References.
References:
- Apple Mac OS X 10.4.6 Update: About the security content of the Mac OS X 10.4.6 Update.
- Apple Web site: Apple security updates.
- BID-17364: Apple Mac OS X Intel-Based Local Authentication Bypass Vulnerability
- CVE-2006-0401: Unspecified vulnerability in Mac OS X before 10.4.6, when running on an Intel-based computer, allows attackers with physical access to bypass the firmware password and log on in Single User Mode via unspecified vectors.
- OSVDB ID: 24399: Mac OS X Firmware Unspecified Password Bypass
- SA19462: Mac OS X Firmware Password Bypass Vulnerability
- SECTRACK ID: 1015859: Mac OS X Firmware Password Can By Bypassed on Intel-Based Systems
- VUPEN/ADV-2006-1215: Apple Mac OS X Firmware Password Feature Security Bypass Vulnerability
Platforms Affected:
- Apple Mac OS X 10.4.5
- Apple Mac OS X Server 10.4.5
Reported:
Apr 03, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net