CVE-2006-4887

CVE Database · CVE-2006-4887

CVE-2006-4887

· N/AModified

CVSS v3.1

N/A

EPSS

0.42%

Published

Sep 19, 2006

Modified

Apr 15, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it.

Affected Products (4)

apple · apple_remote_desktopvulnerable

apple · mac_os_xvulnerable

References (12)

http://www.osvdb.org/32260

http://www.securityfocus.com/archive/1/446371/100/0/threaded

http://www.securityfocus.com/archive/1/446751/100/0/threaded

http://www.securityfocus.com/archive/1/447043/100/0/threaded

http://www.securityfocus.com/bid/20092

https://exchange.xforce.ibmcloud.com/vulnerabilities/29060