“A local user may modify Directory Services records with system privileges”

Oct 4, 2013 19:26 GMT  ·  By

In a security advisory on its web site, Apple reveals that there’s more to OS X 10.8.5 “Supplemental” than meets the eye.

In addition to fixing bugs with FaceTime cameras, HDMI connections, and external drives, OS X 10.8.5 Supplemental Update also addresses a vulnerability that would allow a local user to modify Directory Services records with system privileges.

Affecting OS X Mountain Lion installations from v10.8 to v10.8.5, “A logic issue existed in Directory Services's verification of authentication credentials allowing a local attacker to bypass password validation,” according to the advisory.

Apple addressed the issue through improved credential validation, and credits “the rookies of 42” for discovering and reporting the vulnerability.

So before you think you don’t need Apple’s “supplemental” update just because you don’t use FaceTime, think again.

Download OS X Mountain Lion 10.8.5 Supplemental Update