Summary
This host is running Mac OS X and is prone to a security bypass vulnerability.
Impact
Successful exploitation could allow attackers to bypass security restrictions and launch further attacks on the system.
Impact Level: System
Solution
Upgrade to Mac OS X version 10.7.3 or later.
For updates refer to http://support.apple.com/downloads/
Insight
The flaw is due to an error in the implementation of the Certificate Trust Policy, which allows an attacker to bypass Keychain security settings so that an Extended Validation certificate is accepted as valid.
Affected
Mac OS X version 10.6 to 10.6.8 and
Mac OS X Server version 10.6 to 10.6.8
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2011-3422
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apple Mac OS X PackageKit Format String Vulnerability
- Mac OS X Certificate Trust Policy Information Disclosure Vulnerability (2011-005)
- Apple Mac OS X Keychain Certificate Settings Security Bypass Vulnerability
- Microsoft Silverlight Information Disclosure Vulnerability-2890788 (Mac OS X)
- Mac OS X 'Internet plug-ins' Unspecified Vulnerability (2012-003)