CVE-2012-4677 Information

Description

Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by using a crafted Info.plist file to control the gOkIfNotSecure value.

Reference

http://code.google.com/p/tunnelblick/issues/detail?id=212