High severity7.8NVD Advisory· Published Nov 15, 2007· Updated Apr 23, 2026

CVE-2007-3749

Description

The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach Thread Port or Thread Exception Port when executing a setuid program, which allows local users to execute arbitrary code by creating the port before launching the setuid program, then writing to the address space of the setuid process.

Affected products

Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: >=10.4.0,<=10.4.10

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/27643nvdBroken LinkVendor Advisory
www.securityfocus.com/bid/26444nvdBroken LinkThird Party AdvisoryVDB Entry
www.us-cert.gov/cas/techalerts/TA07-319A.htmlnvdBroken LinkThird Party AdvisoryUS Government Resource
www.vupen.com/english/advisories/2007/3868nvdBroken LinkVendor Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/38466nvdThird Party AdvisoryVDB Entry
docs.info.apple.com/article.htmlnvdBroken Link
labs.idefense.com/intelligence/vulnerabilities/display.phpnvdBroken Link
lists.apple.com/archives/security-announce/2007/Nov/msg00002.htmlnvdMailing List

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000