399 matches found
Allow Citrix Secure Access app for macOS to access device certificate without asking for system credentials every time
If device certificate check has been configured on ADC, then the client app Citrix Secure Access must provide the device certificate present in the Mac’s Keychain. Since the certificate is placed in “System Keychain”, macOS might prompt for system credentials every time the user logs on. To avoid...
Classic Buffer Overflow in john
Description: For the 1Password Cloud Keychain plugin, the length of inputs is not properly checked. The inputs are then copied to fixed-length buffers. For example, creating a salt with a larger length allows a buffer overflow. Proof of Concept: Using the cloudkeychain.hash file: $ ./run/john...
CVE-2017-13909
An issue existed in the storage of sensitive tokens. This issue was addressed by placing the tokens in Keychain. This issue is fixed in macOS High Sierra 10.13. A local attacker may gain access to iCloud authentication tokens...
Authentication flaw
An issue existed in the storage of sensitive tokens. This issue was addressed by placing the tokens in Keychain. This issue is fixed in macOS High Sierra 10.13. A local attacker may gain access to iCloud authentication tokens...
CVE-2017-13909
CVE-2017-13909 affects macOS High Sierra 10.13 where sensitive tokens (iCloud authentication tokens) were stored insecurely. Root cause: tokens were stored outside of a secure store; fix implemented by storing tokens in Keychain. Impact: a local attacker may gain access to iCloud authentication t...
CVE-2021-0963
In onCreate of KeyChainActivity.java, there is a possible way to use an app certificate stored in keychain due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product:...
Google Android Security Vulnerability
Google Android is a Linux-based open source operating system from Google, Inc. An elevation of privilege vulnerability exists in Google Android, which originates in onCreate of KeyChainActivity.java. The application certificate stored in the keychain can be exploited by an attacker, who can use t...
CVE-2021-30912
The issue was addressed with improved permissions logic. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may gain access to a user's Keychain items...
Design/Logic Flaw
The issue was addressed with improved permissions logic. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may gain access to a user's Keychain items...
CVE-2021-30912
CVE-2021-30912 affects macOS: a data leak via Keychain access, addressed with improved permissions logic. Fixes are in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, and macOS Big Sur 11.6.1. The issue is addressed in the Apple advisory; a malicious application could access a user’s Keychain it...
Apple macOS Big Sur Permissions, Privileges, and Access Control Vulnerability
Apple macOS Big Sur is a mobile application app from Apple USA. A permissions and access control vulnerability exists in multiple Apple products, where a malicious application could gain access to a user's Keychain items. The vulnerability is fixed in the following products an...
curl: CVE-2021-22926: CURLOPT_SSLCERT mixup with Secure Transport
Summary: libcurl Secure Transport SSL backend fails to secure the CURLOPT_SSLCERT against current directory file overriding the keychain nickname specified. This leads to the possibility of locally created file overriding the CURLOPT_SSLCERT specified certificate and thus causing denial of service...
@arpinum/backend (>=0.0.3 <=0.0.65), @austbot/wallet-sdk (=1.0.0-beta.21) +135 more potentially affected by CVE-2021-21267 via schema-inspector (>=1.4.2 <=1.7.0)
schema-inspector NPM version =1.4.2, =0.0.3, =0.1.0, =0.1.5, =0.1.1, =0.0.3, =0.0.1, =1.0.0, =3.2.7, =3.3.4, =0.0.3, =2.0.0, =0.0.1, =4.1.2 and more Source cves: CVE-2021-21267 Source advisory: OSV:GHSA-F38P-C2GQ-4PMR...
SwiftyInsta - Instagram Unofficial Private API Swift
Instagram offers two kinds of APIs to developers: the Instagram API Platform, extremely limited in functionality and close to being discontinued, and the Instagram Graph API, for Business and Creator accounts only. However, Instagram apps rely on a third type of API, the so-called Private API or...
Fedora 32 : mumble (2020-8372f6bae4)
Mumble 1.3.2. === Client - Fixed: Overlay not starting 4282 Server - Fixed: keychain-error on macOS for custom certificates 4345 Known issues - Overlay blocked by BattleEye. A request to whitelist it has been made. - Overlay blocked by CS:GO Trusted Mode Note that Tenable Network Security has...
Fedora 31 : mumble (2020-ca26a3f832)
Mumble 1.3.2. === Client - Fixed: Overlay not starting 4282 Server - Fixed: keychain-error on macOS for custom certificates 4345 Known issues - Overlay blocked by BattleEye. A request to whitelist it has been made. - Overlay blocked by CS:GO Trusted Mode Note that Tenable Network Security has...