CVE-2010-0064 in Mac OS Xinfo

Summary

by MITRE

DesktopServices in Apple Mac OS X 10.6 before 10.6.3 preserves file ownership during an authenticated Finder copy, which might allow local users to bypass intended disk-quota restrictions and have unspecified other impact by copying files owned by other users.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 05/03/2026

The vulnerability identified as CVE-2010-0064 resides within the DesktopServices component of Apple Mac OS X 10.6 operating system versions prior to 10.6.3. This flaw represents a significant security issue that affects the file system's handling of ownership attributes during file operations performed through the Finder application. The vulnerability stems from improper implementation of file ownership preservation mechanisms when users copy files between directories, specifically when the source files are owned by different user accounts.

The technical flaw manifests when an authenticated user performs a copy operation through the Finder interface, where the system fails to properly reset file ownership attributes during the copy process. This behavior allows local users to maintain the original ownership of copied files, creating potential security implications beyond simple file management. The issue specifically impacts the disk-quota enforcement mechanisms that rely on proper file ownership tracking to function correctly. When files retain their original ownership during copying operations, the system's quota accounting becomes compromised, potentially allowing users to bypass intended storage limitations.

From an operational perspective, this vulnerability creates multiple attack vectors that could be exploited by malicious local users to gain unauthorized access to system resources or circumvent administrative controls. The unspecified other impacts mentioned in the vulnerability description suggest additional security implications beyond quota bypass, potentially including privilege escalation opportunities or information disclosure through manipulated file ownership attributes. The flaw particularly affects multi-user environments where proper isolation between user accounts is essential for maintaining system security and resource allocation policies.

The vulnerability aligns with CWE-276, which addresses improper file permissions and access control issues, and could potentially map to ATT&CK technique T1074.001 for data staging through file copying operations. Organizations should implement immediate mitigations including applying the official Apple security patches for Mac OS X 10.6.3 or later versions, which address the file ownership preservation behavior in DesktopServices. Additionally, system administrators should conduct thorough security audits of file ownership attributes and implement monitoring solutions to detect anomalous file copying behaviors that might indicate exploitation attempts. Regular system updates and patch management processes should be reinforced to prevent similar issues from occurring in the future, as this vulnerability demonstrates the critical importance of proper file system security controls in multi-user operating environments.

Reservation

12/15/2009

Disclosure

03/30/2010

Moderation

accepted

Entry

VDB-52442

CPE

ready

EPSS

0.00336

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!