Mac OS X : GarageBand < 5.1

This script is Copyright (C) 2009-2012 Tenable Network Security, Inc.


Synopsis :

The remote host has a version of GarageBand that is affected by an
information disclosure vulnerability.

Description :

The remote Mac OS X 10.5 host is running a version of GarageBand
older than 5.1. When such versions are opened, Safari's preferences
are changed from the default setting to accept cookies only for the
sites being visited to always except cookies. This change may allow
third-parties, in particular advertisers, to track a user's browsing
activity.

See also :

http://support.apple.com/kb/HT3732
http://lists.apple.com/archives/security-announce/2009/Aug/msg00000.html

Solution :

Upgrade to GarageBand 5.1 or later and check that Safari's preferences
are set as desired.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: MacOS X Local Security Checks

Nessus Plugin ID: 40480 (macosx_garageband_5_1.nasl)

Bugtraq ID: 35926

CVE ID: CVE-2009-2198