Apple Mac OS X Keychain Certificate Settings Security Bypass Vulnerability

Summary
This host is running Mac OS X and is prone to a security bypass vulnerability.
Impact
Successful exploitation could allow attackers to bypass security restrictions and launch further attacks on the system. Impact Level: System
Solution
Upgrade to Mac OS X version 10.7.3 or later. For updates refer to http://support.apple.com/downloads/
Insight
The flaw is due to an error in the implementation of the Certificate Trust Policy, which allows an attacker to bypass Keychain security settings so that an Extended Validation certificate is accepted as valid.
Affected
Mac OS X version 10.6 to 10.6.8 and Mac OS X Server version 10.6 to 10.6.8