fkie_cve-2012-3698
Vulnerability from fkie_nvd
Published
2012-07-26 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
Apple Xcode before 4.4 does not properly compose a designated requirement (DR) during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a crafted app, as demonstrated by the keychain entries of a (1) helper tool or (2) command-line tool.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | xcode | * | |
| apple | xcode | 1.5.0 | |
| apple | xcode | 2.0.0 | |
| apple | xcode | 2.1.0 | |
| apple | xcode | 2.2.0 | |
| apple | xcode | 2.3.0 | |
| apple | xcode | 2.4.0 | |
| apple | xcode | 2.4.1 | |
| apple | xcode | 3.1 | |
| apple | xcode | 3.1.1 | |
| apple | xcode | 3.1.2 | |
| apple | xcode | 3.1.3 | |
| apple | xcode | 3.1.4 | |
| apple | xcode | 3.2.1 | |
| apple | xcode | 3.2.2 | |
| apple | xcode | 3.2.3 | |
| apple | xcode | 3.2.4 | |
| apple | xcode | 3.2.5 | |
| apple | xcode | 4.0 | |
| apple | xcode | 4.0.1 | |
| apple | xcode | 4.0.2 | |
| apple | xcode | 4.1.1 | |
| apple | xcode | 4.2 | |
| apple | xcode | 4.2.1 | |
| apple | xcode | 4.3 | |
| apple | xcode | 4.3.1 | |
| apple | xcode | 4.3.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2873B5DF-A38C-43A8-A834-50863DA78AAB",
"versionEndIncluding": "4.3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:xcode:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E282DAB-654C-4D41-B381-7E371FE05468",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:xcode:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9191616D-46D6-4108-82CD-4A477BDBF3F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:xcode:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "17822329-EB9B-41CF-A130-87853C626DAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:xcode:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "78B6EB7F-DBD9-4308-9A09-7D7EE61C6A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:xcode:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5050B071-9EDF-4F86-AB62-0D0A7B790078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:xcode:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA08472-146E-40BC-86C3-DF82717C2130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:xcode:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0887981B-36B9-464A-A18C-BE2959B5687E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:xcode:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4835D49-2BEF-4C61-8795-0996C2561F99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:xcode:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CCF2A61B-0FEA-4EA8-9C34-59E94E69C5CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:xcode:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A797759-387D-45B0-B93E-3B5959E45B65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:xcode:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "927038FE-0C71-4F6A-AB2A-A94BE056D27D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:xcode:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "09656EEE-89E3-408C-9548-71F565F8AC85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:xcode:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2559A92-4498-4CD6-803E-51B92529256E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:xcode:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "54377E84-0C0F-4903-835C-61B526EDB58A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:xcode:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F23EEE-AA51-48B0-A61E-7231BD91F041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:xcode:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E1B34DB8-46C7-4AEF-B49B-45762D7D590D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:xcode:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B9DA32AC-5B6D-45F6-A5DF-4F97F30CD4D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:xcode:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F8C893E-2C93-43C9-9330-D35BDB340832",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:xcode:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5FE7FE00-92DB-4B03-8CE2-3AD40B573E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:xcode:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0675CBEA-0D0C-4FA1-9D41-6B4D04BE947C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:xcode:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AAC8C0C9-4F93-4885-8C61-260DCEB1593C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:xcode:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7531C6A0-F17B-461A-86CA-9492134293FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:xcode:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B839D894-05A0-4970-86B6-B9FB14EAD2A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:xcode:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8F1EB068-D24A-46A6-9946-A932D023F400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:xcode:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5167611C-A63B-4474-96BB-F2C34B4F039D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:xcode:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "110FB551-C6C2-40E5-B9C2-0DC6CFF2DE0C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apple Xcode before 4.4 does not properly compose a designated requirement (DR) during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a crafted app, as demonstrated by the keychain entries of a (1) helper tool or (2) command-line tool."
},
{
"lang": "es",
"value": "Apple Xcode antes de v4.4 no compone adecuadamente una solicitud designada (DR) durante la firma de programas que no cuenta con identificadores de paquetes, lo que permite a atacantes remotos leer las entradas de la keychain a trav\u00e9s de una aplicaci\u00f3n hecha para tal fin, tal y como se demuestra con las entradas de keychain de (1) una herramienta de ayuda o (2) de la l\u00ednea de comandos.\r\n"
}
],
"id": "CVE-2012-3698",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-07-26T19:55:01.200",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…