Apple Xcode before 4.4 does not properly compose a designated requirement (DR) during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a crafted app, as demonstrated by the keychain entries of a (1) helper tool or (2) command-line tool.
References
Link | Resource |
---|---|
http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2012-07-26 12:55
Updated : 2012-07-30 21:00
NVD link : CVE-2012-3698
Mitre link : CVE-2012-3698
JSON object : View
CWE
CWE-264
Permissions, Privileges, and Access Controls
Products Affected
apple
- xcode