Apple Mac OS X Keychain Certificate Settings Security Bypass Vulnerability Network Vulnerability

Summary

This host is installed with Mac OS X and is prone to the security bypass vulnerability.

Impact

Successful exploitation could allow attackers to bypass security restrictions and launch further attacks on the system. Impact Level: System

Solution

Upgrade to Mac OS X version 10.7.3 or later. For updates refer to http://support.apple.com/downloads/

Insight

The flaw is due to an error in the implementation of Certificate Trust Policy, which allows attacker to bypass KeyChain security settings to accept an Extended Validation certificate as valid.

Affected

Mac OS X version 10.6 to 10.6.8 and Mac OS X Server version 10.6 to 10.6.8

References

http://www.securitytracker.com/id?1026002
http://xforce.iss.net/xforce/xfdb/69556

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-3422
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Mac OS X Certificate Trust Policy Information Disclosure Vulnerability (2011-005)
Microsoft Office Privilege Elevation Vulnerability - 2721015 (Mac OS X)
Mac OS X 'Internet plug-ins' Unspecified Vulnerability (2012-003)
Microsoft Silverlight Information Disclosure Vulnerability-2890788 (Mac OS X)
Apple Mac OS X PackageKit Format String Vulnerability

Take action and discover your vulnerabilities