ID

VAR-201207-0093


CVE

CVE-2012-3698


TITLE

Apple Xcode Vulnerable to reading keychain entries

Trust: 0.8

sources: JVNDB: JVNDB-2012-003416

DESCRIPTION

Apple Xcode before 4.4 does not properly compose a designated requirement (DR) during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a crafted app, as demonstrated by the keychain entries of a (1) helper tool or (2) command-line tool.

Apple Xcode does not properly compose the designated requirement (DR) it generates when signing programs that have no bundle identifier, so the keychain entries of such programs can be read. A third party may be able to read those keychain entries through a crafted application.

Apple Xcode is prone to an information-disclosure vulnerability. Attackers can leverage this issue to gain access to sensitive information. Information obtained may aid in further attacks. For example, the keychain entries of (1) helper tools or (2) command-line tools.

APPLE-SA-2012-07-25-2 Xcode 4.4

Xcode 4.4 is now available and addresses the following:

neon
Available for: OS X Lion v10.7.4 and later
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. The neon library (used by Subversion) disabled the 'empty fragment' countermeasure which prevented these attacks. This issue is addressed by enabling the countermeasure.

When a Developer ID was used with Xcode to sign a product that did not have a bundle identifier, such as a command-line tool or an embedded helper, the generated DR for the product did not include the developer's ID in the part of the DR that applies to apps signed by the App Store. As a result, any App Store app may have accessed keychain items created by the product. This is addressed by generating a DR with improved checks. Affected products need to be re-signed with this version of Xcode to include the improved DR.
CVE-ID: CVE-2012-3698

Xcode 4.4 may be obtained from the Downloads section of the Apple Developer Connection Member site: http://developer.apple.com/ Login is required, and membership is free. Xcode 4.4 is also available from the App Store. It is free to anyone with OS X 10.7.x Lion and later. The download file is named: "xcode446938108a.dmg" Its SHA-1 digest is: d04393543564f85c2f4d82e507d596d3070e9aba

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

TITLE: Apple Xcode Two Vulnerabilities
SECUNIA ADVISORY ID: SA50068
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50068/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50068
RELEASE DATE: 2012-07-26

DESCRIPTION: A weakness and a vulnerability have been reported in Apple Xcode, which can be exploited by malicious people to disclose potentially sensitive information, hijack a user's session, and bypass certain security restrictions. 1) A design error exists within the implementation of SSL 3.0 and TLS 1.0 protocols. The weakness and the vulnerability are reported in versions prior to 4.4.

SOLUTION: Update to version 4.4 via the Apple Developer site or via the App Store.

PROVIDED AND/OR DISCOVERED BY: 2) Reported by the vendor.

ORIGINAL ADVISORY: APPLE-SA-2012-07-25-2: http://support.apple.com/kb/HT5416

Trust: 2.16

sources: NVD: CVE-2012-3698 // JVNDB: JVNDB-2012-003416 // BID: 54679 // VULHUB: VHN-56979 // PACKETSTORM: 115046 // PACKETSTORM: 115050

AFFECTED PRODUCTS

vendor: apple | model: xcode | scope: eq | version: 3.2.2

Trust: 1.6

vendor: apple | model: xcode | scope: eq | version: 4.0.1

Trust: 1.6

vendor: apple | model: xcode | scope: eq | version: 3.1.3

Trust: 1.6

vendor: apple | model: xcode | scope: eq | version: 3.1.1

Trust: 1.6

vendor: apple | model: xcode | scope: eq | version: 3.2.3

Trust: 1.6

vendor: apple | model: xcode | scope: eq | version: 3.1

Trust: 1.6

vendor: apple | model: xcode | scope: eq | version: 3.1.2

Trust: 1.6

vendor: apple | model: xcode | scope: eq | version: 3.2.4

Trust: 1.6

vendor: apple | model: xcode | scope: eq | version: 3.2.1

Trust: 1.6

vendor: apple | model: xcode | scope: eq | version: 3.1.4

Trust: 1.6

vendor: apple | model: xcode | scope: eq | version: 4.3

Trust: 1.0

vendor: apple | model: xcode | scope: eq | version: 2.0.0

Trust: 1.0

vendor: apple | model: xcode | scope: eq | version: 4.2

Trust: 1.0

vendor: apple | model: xcode | scope: eq | version: 4.2.1

Trust: 1.0

vendor: apple | model: xcode | scope: eq | version: 4.3.1

Trust: 1.0

vendor: apple | model: xcode | scope: eq | version: 4.0.2

Trust: 1.0

vendor: apple | model: xcode | scope: eq | version: 2.2.0

Trust: 1.0

vendor: apple | model: xcode | scope: eq | version: 4.1.1

Trust: 1.0

vendor: apple | model: xcode | scope: eq | version: 3.2.5

Trust: 1.0

vendor: apple | model: xcode | scope: eq | version: 2.3.0

Trust: 1.0

vendor: apple | model: xcode | scope: eq | version: 2.4.0

Trust: 1.0

vendor: apple | model: xcode | scope: eq | version: 1.5.0

Trust: 1.0

vendor: apple | model: xcode | scope: lte | version: 4.3.3

Trust: 1.0

vendor: apple | model: xcode | scope: eq | version: 2.1.0

Trust: 1.0

vendor: apple | model: xcode | scope: eq | version: 4.3.2

Trust: 1.0

vendor: apple | model: xcode | scope: eq | version: 4.0

Trust: 1.0

vendor: apple | model: xcode | scope: eq | version: 2.4.1

Trust: 1.0

vendor: apple | model: xcode | scope: lt | version: 4.4

Trust: 0.8

sources: JVNDB: JVNDB-2012-003416 // CNNVD: CNNVD-201207-552 // NVD: CVE-2012-3698

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-3698
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-3698
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201207-552
value: MEDIUM

Trust: 0.6

VULHUB: VHN-56979
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-3698
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-56979
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-56979 // JVNDB: JVNDB-2012-003416 // CNNVD: CNNVD-201207-552 // NVD: CVE-2012-3698

PROBLEMTYPE DATA

problemtype: CWE-264

Trust: 1.9

sources: VULHUB: VHN-56979 // JVNDB: JVNDB-2012-003416 // NVD: CVE-2012-3698

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201207-552

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201207-552

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-003416

PATCH

title: Xcode 4 | url: https://developer.apple.com/xcode/

Trust: 0.8

title: APPLE-SA-2012-07-25-2 Xcode 4.4 | url: http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html

Trust: 0.8

title: HT5416 | url: http://support.apple.com/kb/HT5416

Trust: 0.8

sources: JVNDB: JVNDB-2012-003416

EXTERNAL IDS

db: NVD | id: CVE-2012-3698

Trust: 2.9

db: JVNDB | id: JVNDB-2012-003416

Trust: 0.8

db: CNNVD | id: CNNVD-201207-552

Trust: 0.7

db: SECUNIA | id: 50068

Trust: 0.7

db: APPLE | id: APPLE-SA-2012-07-25-2

Trust: 0.6

db: NSFOCUS | id: 20174

Trust: 0.6

db: BID | id: 54679

Trust: 0.4

db: VULHUB | id: VHN-56979

Trust: 0.1

db: PACKETSTORM | id: 115046

Trust: 0.1

db: PACKETSTORM | id: 115050

Trust: 0.1

sources: VULHUB: VHN-56979 // BID: 54679 // JVNDB: JVNDB-2012-003416 // PACKETSTORM: 115046 // PACKETSTORM: 115050 // CNNVD: CNNVD-201207-552 // NVD: CVE-2012-3698

REFERENCES

url:http://lists.apple.com/archives/security-announce/2012/jul/msg00001.html

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3698

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3698

Trust: 0.8

url:http://secunia.com/advisories/50068

Trust: 0.6

url:http://www.nsfocus.net/vulndb/20174

Trust: 0.6

url:http://www.apple.com

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-3389

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:http://developer.apple.com/

Trust: 0.1

url:http://support.apple.com/kb/ht1222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3698

Trust: 0.1

url:http://gpgtools.org

Trust: 0.1

url:http://secunia.com/psi

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/advisories/50068/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/50068/#comments

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=50068

Trust: 0.1

url:http://support.apple.com/kb/ht5416

Trust: 0.1

sources: VULHUB: VHN-56979 // BID: 54679 // JVNDB: JVNDB-2012-003416 // PACKETSTORM: 115046 // PACKETSTORM: 115050 // CNNVD: CNNVD-201207-552 // NVD: CVE-2012-3698

CREDITS

Apple

Trust: 0.4

sources: BID: 54679 // PACKETSTORM: 115046

SOURCES

db: VULHUB | id: VHN-56979
db: BID | id: 54679
db: JVNDB | id: JVNDB-2012-003416
db: PACKETSTORM | id: 115046
db: PACKETSTORM | id: 115050
db: CNNVD | id: CNNVD-201207-552
db: NVD | id: CVE-2012-3698

LAST UPDATE DATE

2024-08-14T13:18:19.110000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-56979 | date: 2012-07-31T00:00:00
db: BID | id: 54679 | date: 2012-07-26T00:00:00
db: JVNDB | id: JVNDB-2012-003416 | date: 2012-07-30T00:00:00
db: CNNVD | id: CNNVD-201207-552 | date: 2012-07-27T00:00:00
db: NVD | id: CVE-2012-3698 | date: 2012-07-31T04:00:00

SOURCES RELEASE DATE

db: VULHUB | id: VHN-56979 | date: 2012-07-26T00:00:00
db: BID | id: 54679 | date: 2012-07-26T00:00:00
db: JVNDB | id: JVNDB-2012-003416 | date: 2012-07-30T00:00:00
db: PACKETSTORM | id: 115046 | date: 2012-07-27T00:13:31
db: PACKETSTORM | id: 115050 | date: 2012-07-27T08:42:24
db: CNNVD | id: CNNVD-201207-552 | date: 2012-07-27T00:00:00
db: NVD | id: CVE-2012-3698 | date: 2012-07-26T19:55:01.200