Vulnerability Note VU#315856

Apple Mac OS X UserNotificationCenter privilege escalation vulnerability

Original Release date: 19 Feb 2007 | Last revised: 19 Feb 2007


Apple's UserNotificationCenter contains a vulnerability that may allow local users to gain elevated privileges.


The Apple UserNotificationCenter contains a privilege escalation vulnerability.

This vulnerability occurs because the Apple UserNotificationCenter runs with elevated privileges while operating on input submitted by users with normal privileges.


A user with valid login credentials may be able to run commands or modify system files with elevated privileges.


Apply an update

This issue is addressed in Apple Security Update 2007-002.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Apple Computer, Inc.Affected-16 Feb 2007
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



LMH published this vulnerability on the Month of Apple Bugs website.

This document was written by Ryan Giobbi.

Other Information

  • CVE IDs: CVE-2007-0023
  • Date Public: 23 Jan 2007
  • Date First Published: 19 Feb 2007
  • Date Last Updated: 19 Feb 2007
  • Severity Metric: 1.49
  • Document Revision: 23


If you have feedback, comments, or additional information about this vulnerability, please send us email.