Starbucks 2.6.1 Information Disclosure

Title: CVE-2014-0647 Insecure Data Storage of User Data Elements in Starbucks v2.6.1 iOS mobile application Published: January 13, 2014 Reported to Vendor: December 2013 no direct response CVE Reference: CVE-2014-0647 Credit: This issue was discovered by Daniel E. Wood...

[SECURITY] Fedora 20 Update: python-keyring-3.3-1.fc20

The Python keyring lib provides a easy way to access the system keyring service from python. It can be used in any application that needs safe password storage. The keyring services supported by the Python keyring lib: OSXKeychain: supports the Keychain service in Mac OS X. KDEKWallet: supports t...

OSX Gather Autologin Password as Root

This module will steal the plaintext password of any user on the machine with autologin enabled. Root access is required. When a user has autologin enabled System Preferences - Accounts, OSX stores their password with an XOR encoding in /private/etc/kcpassword. This module requires Metasploit:...

CVE-2013-5187

The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which allows physically proximate attackers to obtain sensitive information by reading a screen that...

Design/Logic Flaw

The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which allows physically proximate attackers to obtain sensitive information by reading a screen that...

CVE-2013-5187

The CVE-2013-5187 entry concerns Apple Mac OS X pre-10.9 where the Screen Lock implementation fails to immediately transition to a locked state. The issue stems from the system’s reliance on a timeout for Keychain Status menu lock commands, potentially allowing a physically proximate attacker to ...

CVE-2013-5187

The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which allows physically proximate attackers to obtain sensitive information by reading a screen that...

Apple Mac OS X Vulnerability enables Root User to Hackers by resetting the clock

Do you think, because you're using an Apple Mac, your data is safe from hackers ? Well, it is not true, there are dozens of security weaknesses and today Researchers have made it easier to exploit Apple Mac OS X, that allows penetration testers and hackers to gain root access. The flaw remained...

Apple Mac OS X Vulnerability enables Root User to Hackers by resetting the clock

Do you think, because you’re using an Apple Mac, your data is safe from hackers ? Well, it is not true, there are dozens of security weaknesses and today Researchers have made it easier to exploit Apple Mac OS X, that allows penetration testers and hackers to gain root access. The flaw remained...

iOS 7 Beta Vulnerable to Screen-Lock Bypass

An iPhone user in Spain who downloaded the beta version of Apple iOS 7, which was made available Monday, was able to bypass its screen-lock security feature. The revamped mobile operating system was unveiled by the Cupertino, California technology giant last week at its annual World Wide Develope...

OS X Gather Keychain Enumeration

This module presents a way to quickly go through the current user's keychains and collect data such as email accounts, servers, and other services. Please note: when using the GETPASS and GETPASSAUTOACCEPT option, the user may see an authentication alert flash briefly on their screen that gets...

Apple Xcode < 4.4 Multiple Vulnerabilities (Mac OS X) (BEAST)

The remote Mac OS X host has a version of Apple Xcode installed that is prior to 4.4. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability, known as BEAST, exists in the SSL 3.0 and TLS 1.0 protocols due to a flaw in the way the initialization vector ...

Apple XCode 4.x 信息泄露漏洞

BUGTRAQ ID: 54679 CVE ID: CVE-2012-3698,CVE-2011-3389 Xcode是苹果机器上所使用的开发工具。 Apple Xcode 4.4之前版本在实现上存在安全漏洞，可被恶意用户利用泄露敏感信息，劫持用户会话，绕过某些安全限制。 1） SSL 3.0和TLS 1.0协议的实现中存在设计错误。 2） DR实现中的错误可允许App Store应用访问用Xcode构建的Helper工具中的密钥链项目。 0 Apple XCode 4.x 厂商补丁： Apple ----- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

CVE-2012-3698

Apple Xcode before 4.4 does not properly compose a designated requirement DR during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a crafted app, as demonstrated by the keychain entries of a 1 helper tool or 2 command-line tool...

Code injection

Apple Xcode before 4.4 does not properly compose a designated requirement DR during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a crafted app, as demonstrated by the keychain entries of a 1 helper tool or 2 command-line tool...

CVE-2012-3698

Apple Xcode before 4.4 is affected by CVE-2012-3698 due to a design issue in composing a designated requirement (DR) during signing of programs without bundle identifiers. This allows remote attackers to read keychain entries via a crafted app, demonstrated with keychain data from a helper tool o...

CVE-2012-3698

Apple Xcode before 4.4 does not properly compose a designated requirement DR during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a crafted app, as demonstrated by the keychain entries of a 1 helper tool or 2 command-line tool...

Apple Mac OS X Keychain Certificate Settings Security Bypass Vulnerability

Mac OS X is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Apple Mac OS X Keychain Certificate Settings Security Bypass Vulnerability

This host is installed with Mac OS X and is prone to the security bypass vulnerability. OpenVAS Vulnerability Test $Id: secpodmacosxkeychainimplsecbypassvuln.nasl 7044 2017-09-01 11:50:59Z teissa $ Apple Mac OS X Keychain Certificate Settings Security Bypass Vulnerability Authors: Antu Sanadi...

CVE-2011-3422

The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Extended Validation certificate, as demonstrated b...