Cisco announced a vulnerability in their Cisco Trust Agent (CTA) for Mac OS X today. Because of the “user notifications” feature of CTA, an unauthorized user could gain access to the “System Preferences” panel and change the passwords of administrative (non-root) accounts. This issue has been resolved in CTA release 2.1.104.0. Detailed information and pre-2.1.104.0 workarounds can be found on Cisco’s Product Security web site.
Get Slaptijack updates delivered to your Inbox or RSS Reader for free!