var-201207-0093
Vulnerability from variot
Apple Xcode before 4.4 does not properly compose a designated requirement (DR) during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a crafted app, as demonstrated by the keychain entries of a (1) helper tool or (2) command-line tool. Apple Xcode contains a vulnerability that allows keychain entries to be read because the designated requirement (DR) specified when signing programs that do not have a bundle identifier is improperly configured. A third party may be able to read keychain entries through a crafted application. Apple Xcode is prone to an information-disclosure vulnerability. Attackers can leverage this issue to gain access to sensitive information. Information obtained may aid in further attacks. For example, keychain entries for (1) accessibility tools or (2) command line tools.
APPLE-SA-2012-07-25-2 Xcode 4.4
Xcode 4.4 is now available and addresses the following:
neon Available for: OS X Lion v10.7.4 and later Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. The neon library (used by Subversion) disabled the 'empty fragment' countermeasure which prevented these attacks. This issue is addressed by enabling the countermeasure. When a Developer ID was used with Xcode to sign a product that did not have a bundle identifier, such as a command-line tool or an embedded helper, the generated DR for the product did not include the developer's ID in the part of the DR that applies to apps signed by the App Store. As a result, any App Store app may have accessed keychain items created by the product. This is addressed by generating a DR with improved checks. Affected products need to be re-signed with this version of Xcode to include the improved DR. CVE-ID CVE-2012-3698
Xcode 4.4 may be obtained from the Downloads section of the Apple Developer Connection Member site: http://developer.apple.com/ Login is required, and membership is free.
Xcode 4.4 is also available from the App Store. It is free to anyone with OS X 10.7.x Lion and later.
The download file is named: "xcode446938108a.dmg" Its SHA-1 digest is: d04393543564f85c2f4d82e507d596d3070e9aba
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
TITLE: Apple Xcode Two Vulnerabilities
SECUNIA ADVISORY ID: SA50068
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50068/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50068
RELEASE DATE: 2012-07-26
DESCRIPTION: A weakness and a vulnerability have been reported in Apple Xcode, which can be exploited by malicious people to disclose potentially sensitive information, hijack a user's session, and bypass certain security restrictions.
1) A design error exists within the implementation of SSL 3.0 and TLS 1.0 protocols.
The weakness and the vulnerability are reported in versions prior to 4.4.
SOLUTION: Update to version 4.4 via the Apple Developer site or via the App Store.
PROVIDED AND/OR DISCOVERED BY: 2) Reported by the vendor.
ORIGINAL ADVISORY: APPLE-SA-2012-07-25-2: http://support.apple.com/kb/HT5416
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201207-0093", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "xcode", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "3.1.2" }, { "model": "xcode", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "3.2.4" }, { "model": "xcode", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "3.1.4" }, { "model": "xcode", "scope": 
"eq", "trust": 1.6, "vendor": "apple", "version": "4.0.1" }, { "model": "xcode", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "3.1.3" }, { "model": "xcode", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "3.1.1" }, { "model": "xcode", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "3.2.1" }, { "model": "xcode", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "3.2.2" }, { "model": "xcode", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "3.2.3" }, { "model": "xcode", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "3.1" }, { "model": "xcode", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.0.2" }, { "model": "xcode", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "3.2.5" }, { "model": "xcode", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.0" }, { "model": "xcode", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "4.3.3" }, { "model": "xcode", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.3" }, { "model": "xcode", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "2.1.0" }, { "model": "xcode", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "2.2.0" }, { "model": "xcode", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.3.2" }, { "model": "xcode", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "2.0.0" }, { "model": "xcode", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "2.4.1" }, { "model": "xcode", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "2.4.0" }, { "model": "xcode", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.1.1" }, { "model": "xcode", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.2.1" }, { "model": "xcode", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.2" }, { "model": "xcode", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.3.1" }, { "model": "xcode", "scope": "eq", "trust": 1.0, 
"vendor": "apple", "version": "1.5.0" }, { "model": "xcode", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "2.3.0" }, { "model": "xcode", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "4.4" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-003416" }, { "db": "NVD", "id": "CVE-2012-3698" }, { "db": "CNNVD", "id": "CNNVD-201207-552" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apple:xcode:4.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:xcode:4.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:xcode:4.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:xcode:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:xcode:2.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:xcode:2.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:xcode:1.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:xcode:2.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.3.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:xcode:4.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:xcode:3.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:xcode:3.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:xcode:3.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:apple:xcode:2.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:xcode:2.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:xcode:4.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:xcode:4.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:xcode:3.2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:xcode:3.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:xcode:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:xcode:2.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:xcode:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:xcode:4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:xcode:3.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:xcode:3.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:xcode:3.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:xcode:3.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2012-3698" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple", "sources": [ { "db": "BID", "id": "54679" }, { "db": "PACKETSTORM", "id": "115046" } ], "trust": 0.4 }, "cve": "CVE-2012-3698", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2012-3698", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-56979", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2012-3698", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": 
"CNNVD-201207-552", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-56979", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-56979" }, { "db": "JVNDB", "id": "JVNDB-2012-003416" }, { "db": "NVD", "id": "CVE-2012-3698" }, { "db": "CNNVD", "id": "CNNVD-201207-552" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple Xcode before 4.4 does not properly compose a designated requirement (DR) during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a crafted app, as demonstrated by the keychain entries of a (1) helper tool or (2) command-line tool. Apple Xcode Specifies the requirements specified when signing programs that do not have a bundle identifier. (DR) Vulnerabilities exist that allow keychain entries to be read because of improperly configured.A third party may be able to read the keychain entry through a crafted application. Apple Xcode is prone to an information-disclosure vulnerability. \nAttackers can leverage this issue to gain access to sensitive information. Information obtained may aid in further attacks. For example keychain entries for (1) accessibility tools or (2) command line tools. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2012-07-25-2 Xcode 4.4\n\nXcode 4.4 is now available and addresses the following:\n\nneon\nAvailable for: OS X Lion v10.7.4 and later\nImpact: An attacker may be able to decrypt data protected by SSL\nDescription: There are known attacks on the confidentiality of SSL\n3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. \nThe neon library (used by Subversion) disabled the \u0027empty fragment\u0027\ncountermeasure which prevented these attacks. This issue is addressed\nby enabling the countermeasure. 
When a Developer ID was used\nwith Xcode to sign a product that did not have a bundle identifier,\nsuch as a command-line tool or an embedded helper, the generated DR\nfor the product did not include the developer\u0027s ID in the part of the\nDR that applies to apps signed by the App Store. As a result, any App\nStore app may have accessed keychain items created by the product. \nThis is addressed by generating a DR with improved checks. Affected\nproducts need to be re-signed with this version of Xcode to include\nthe improved DR. \nCVE-ID\nCVE-2012-3698\n\nXcode 4.4 may be obtained from the Downloads section of the\nApple Developer Connection Member site: http://developer.apple.com/\nLogin is required, and membership is free. \n\nXcode 4.4 is also available from the App Store. It is free to anyone\nwith OS X 10.7.x Lion and later. \n\nThe download file is named: \"xcode446938108a.dmg\"\nIts SHA-1 digest is: d04393543564f85c2f4d82e507d596d3070e9aba\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.18 (Darwin)\nComment: GPGTools - 
http://gpgtools.org\n\niQIcBAEBAgAGBQJQDy5fAAoJEPefwLHPlZEwWasP/iuE4F9PkoV01YyZlBeoQ/qE\nzn62KshgNUkVq0TPe/leKG0UXWxYsPQQy1+KC9o7ULnGZWrQLexO7ZySz3eImbIW\nVdPXslMzEbk3YiRi/syeo16IwZheMqatKTS47NTG5xREg17vos889xbqxML4ijNN\n4IysAFqewbG1qdvu35RkO4uhxO/+6pLiXjkQx/z21ml8S3ZZNnPxCE/9sGWqIJ7R\npO/9+hIecX05wtSUCkqfARZxObSDs0VTQZUak+8fKAF8k5aNY8GdnMrxNBCX9vkU\nhHgLTQ4lXaqSv2UEhbkjaZuLHHNFkNINf1pbABDWASiATP0wSLVFYM3KabMqid8I\nWS4b3aplqi5GqOHqRWOTtbSTsPJC73DF1PrHlvPZm7WYQmIrF6DPIlmIfK058Fqp\nQRpz3H1cZwFf2B/oS4VGwtqjj606lRn7En3psMRlCyKSTdUYPd5dzCIyg8CNlpuy\n9AAKEU6fhY2JCEm+2LtqdBZI+WvCET50hD9ZEzkq/2m/sazASJ5W9VtH1JzFHm9N\nRvE4NS6k/u6BLU2zsUiqJ/cyVGMV7RF3gIEi+NXAShFNHfavDPgoTN2MPkeT3V0C\nsa6X/O3dn4F9PFJZvqKyHKeBRI0lV3PSgKP/xC/K+cD/YraFFFvUn7XoVZ2A8uPW\nbYcdpG4AJaNdEGZY71xq\n=OWIG\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nWe are millions! Join us to protect all Pc\u0027s Worldwide. \nDownload the new Secunia PSI 3.0 available in 5 languages and share it with your friends:\nhttp://secunia.com/psi\n\n----------------------------------------------------------------------\n\nTITLE:\nApple Xcode Two Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA50068\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/50068/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50068\n\nRELEASE DATE:\n2012-07-26\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/50068/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/50068/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * 
CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50068\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA weakness and a vulnerability have been reported in Apple Xcode,\nwhich can be exploited by malicious people to disclose potentially\nsensitive information, hijack a user\u0027s session, and bypass certain\nsecurity restrictions. \n\n1) A design error exists within the implementation of SSL 3.0 and TLS\n1.0 protocols. \n\nThe weakness and the vulnerability are reported in versions prior to\n4.4. \n\nSOLUTION:\nUpdate to version 4.4 via the Apple Developer site or via the App\nStore. \n\nPROVIDED AND/OR DISCOVERED BY:\n2) Reported by the vendor. \n\nORIGINAL ADVISORY:\nAPPLE-SA-2012-07-25-2:\nhttp://support.apple.com/kb/HT5416\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. 
\n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2012-3698" }, { "db": "JVNDB", "id": "JVNDB-2012-003416" }, { "db": "BID", "id": "54679" }, { "db": "VULHUB", "id": "VHN-56979" }, { "db": "PACKETSTORM", "id": "115046" }, { "db": "PACKETSTORM", "id": "115050" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-3698", "trust": 2.9 }, { "db": "JVNDB", "id": "JVNDB-2012-003416", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201207-552", "trust": 0.7 }, { "db": "SECUNIA", "id": "50068", "trust": 0.7 }, { "db": "APPLE", "id": "APPLE-SA-2012-07-25-2", "trust": 0.6 }, { "db": "NSFOCUS", "id": "20174", "trust": 0.6 }, { "db": "BID", "id": "54679", "trust": 0.4 }, { "db": "VULHUB", "id": "VHN-56979", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "115046", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "115050", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-56979" }, { "db": "BID", "id": "54679" }, { "db": "JVNDB", "id": "JVNDB-2012-003416" }, { "db": "PACKETSTORM", "id": "115046" }, { "db": "PACKETSTORM", "id": "115050" }, { "db": 
"NVD", "id": "CVE-2012-3698" }, { "db": "CNNVD", "id": "CNNVD-201207-552" } ] }, "id": "VAR-201207-0093", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-56979" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T10:56:23.442000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Xcode 4", "trust": 0.8, "url": "https://developer.apple.com/xcode/" }, { "title": "APPLE-SA-2012-07-25-2 Xcode 4.4", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2012/jul/msg00001.html" }, { "title": "HT5416", "trust": 0.8, "url": "http://support.apple.com/kb/ht5416" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-003416" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-264", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-56979" }, { "db": "JVNDB", "id": "JVNDB-2012-003416" }, { "db": "NVD", "id": "CVE-2012-3698" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2012/jul/msg00001.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3698" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3698" }, { "trust": 0.6, "url": "http://secunia.com/advisories/50068" }, 
{ "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/20174" }, { "trust": 0.3, "url": "http://www.apple.com" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "http://developer.apple.com/" }, { "trust": 0.1, "url": "http://support.apple.com/kb/ht1222" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3698" }, { "trust": 0.1, "url": "http://gpgtools.org" }, { "trust": 0.1, "url": "http://secunia.com/psi" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/50068/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/50068/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50068" }, { "trust": 0.1, "url": "http://support.apple.com/kb/ht5416" } ], "sources": [ { "db": "VULHUB", "id": "VHN-56979" }, { "db": "BID", "id": "54679" }, { "db": "JVNDB", "id": "JVNDB-2012-003416" }, { "db": "PACKETSTORM", "id": "115046" }, { "db": "PACKETSTORM", "id": "115050" }, { "db": "NVD", "id": "CVE-2012-3698" }, { "db": "CNNVD", "id": "CNNVD-201207-552" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-56979" }, { "db": "BID", "id": "54679" }, { "db": "JVNDB", "id": "JVNDB-2012-003416" }, { "db": "PACKETSTORM", "id": "115046" }, { "db": 
"PACKETSTORM", "id": "115050" }, { "db": "NVD", "id": "CVE-2012-3698" }, { "db": "CNNVD", "id": "CNNVD-201207-552" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-07-26T00:00:00", "db": "VULHUB", "id": "VHN-56979" }, { "date": "2012-07-26T00:00:00", "db": "BID", "id": "54679" }, { "date": "2012-07-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-003416" }, { "date": "2012-07-27T00:13:31", "db": "PACKETSTORM", "id": "115046" }, { "date": "2012-07-27T08:42:24", "db": "PACKETSTORM", "id": "115050" }, { "date": "2012-07-26T19:55:01.200000", "db": "NVD", "id": "CVE-2012-3698" }, { "date": "2012-07-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201207-552" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-07-31T00:00:00", "db": "VULHUB", "id": "VHN-56979" }, { "date": "2012-07-26T00:00:00", "db": "BID", "id": "54679" }, { "date": "2012-07-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-003416" }, { "date": "2012-07-31T04:00:00", "db": "NVD", "id": "CVE-2012-3698" }, { "date": "2012-07-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201207-552" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201207-552" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple Xcode Vulnerable to reading keychain entries", "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-003416" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control", "sources": [ { "db": "CNNVD", "id": "CNNVD-201207-552" } ], "trust": 0.6 } }