The SecKeyDeriveFromPassword function in Apple OS X before 10.12 does not use the CF_RETURNS_RETAINED keyword, which allows attackers to obtain sensitive information from process memory by triggering key derivation.
References
Configurations
Information
Published : 2016-09-25 03:59
Updated : 2017-07-29 18:29
NVD link : CVE-2016-4752
Mitre link : CVE-2016-4752
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
apple
- mac_os_x