#5: The BOM files' permissions are fixed up and /Library/Receipts (and
important descendants) get a sticky bit to prevent shenanigans.
#8: /Library/Frameworks gets a sticky bit to prevent Mallory from
replacing pieces executed as root inside Application Enhancer.framework.
#15: The three suid programs in /Apps/Utilities mentioned in the
advisory are changed to not be admin-writable. This is also done to
/Applications/System Preferences.app/Contents/Resources/installAssistant,
which has similar issues.
I found a couple other privilege escalation problems while working on
these. I've attempted vendor notification in both cases. One claims
the problem doesn't exist, the other has not responded yet...
--
wac
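
An audit for the two conditions these fixes address, as an added example that is not part of the original message or of the fix it describes: set-id programs that group or other can write to, and group- or world-writable directories without the sticky bit. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the permission problems the fixes above correct.

# Set-uid/set-gid regular files that group or other can modify.
writable_setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) \
        \( -perm -0020 -o -perm -0002 \) -print 2>/dev/null
}

# Group- or world-writable directories lacking the sticky bit, so any
# writer can rename or replace entries owned by someone else.
unsticky_writable_dirs() {
    find "$1" -type d \( -perm -0020 -o -perm -0002 \) \
        ! -perm -1000 -print 2>/dev/null
}

# One finding per line: "<CLASS> <path>".
audit_tree() {
    writable_setid_files "$1" | sed 's/^/SETID-WRITABLE /'
    unsticky_writable_dirs "$1" | sed 's/^/NO-STICKY /'
}

# Constructed sample tree (not real system paths): one writable directory
# with and one without the sticky bit, one set-uid file that is
# group-writable and one that is not.
build_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/Frameworks" "$root/Receipts" "$root/Utilities"
    chmod 0775 "$root/Frameworks"      # writable, no sticky bit: flagged
    chmod 1775 "$root/Receipts"        # writable, sticky bit set: clean
    chmod 0755 "$root/Utilities"
    : > "$root/Utilities/helper_bad"
    : > "$root/Utilities/helper_ok"
    chmod 4775 "$root/Utilities/helper_bad"   # suid, group-writable: flagged
    chmod 4755 "$root/Utilities/helper_ok"    # suid, owner-only write: clean
    printf '%s\n' "$root"
}

# Demo run against the constructed tree, with the temp prefix stripped.
sample=$(build_sample_tree) && audit_tree "$sample" | sed "s|$sample/||"
[ -n "$sample" ] && rm -rf "$sample"
```

On a real system, pass audit_tree the directory to check, for example /Library or /Applications.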