Default configuration

The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions...

CVE-2007-4699

The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions...

CVE-2007-4699

CVE-2007-4699 involves Safari on Apple Mac OS X 10.4–10.4.10 where the default Safari configuration can add a private key to the keychain with permissions that allow other applications to access it without warning. This may bypass intended access restrictions and potentially leak credentials or e...

safari's saved password at risk

I'd like to inform you that safari is prone to a vunlerability that allow a local user to steal safari's saved passwords by using some macosx componenets. More infos about this issue will be made available as soon as apple will provide a fix. I strongly recommend users remove all safari's saved...

Authentication flaw

Keychain in Apple Mac OS X 10.3.9 and 10.4.6 might allow an application to bypass a locked Keychain by first obtaining a reference to the Keychain when it is unlocked, then reusing that reference after the Keychain has been locked...

CVE-2006-1446

Keychain in Apple Mac OS X 10.3.9 and 10.4.6 might allow an application to bypass a locked Keychain by first obtaining a reference to the Keychain when it is unlocked, then reusing that reference after the Keychain has been locked...

CVE-2006-1446

Keychain in Apple Mac OS X 10.3.9 and 10.4.6 might allow an application to bypass a locked Keychain by first obtaining a reference to the Keychain when it is unlocked, then reusing that reference after the Keychain has been locked...

CVE-2006-1446

Technical details for CVE-2006-1446 are not publicly available in the provided documents; monitor for updates.

[SA20077] Mac OS X Security Update Fixes Multiple Vulnerabilities

TITLE: Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA20077 VERIFY ADVISORY: http://secunia.com/advisories/20077/ CRITICAL: Highly critical IMPACT: Security Bypass, Exposure of sensitive information, DoS, System access WHERE: From remote OPERATING SYSTEM: Apple...

Multiple MacOS X vulnerabilities

Invalid ownership information in 'Finder', invalid 'Update' functioning, memberd removed group membership unauthorized access, 'Keychain' password leak, 'Kernel' uninitialized memory leak...

CVE-2005-2739

Keychain Access in Mac OS X 10.4.2 and earlier keeps a password visible even if a keychain times out while the password is being viewed, which could allow attackers with physical access to obtain the password...

CVE-2005-2739

CVE-2005-2739 affects Keychain Access on Mac OS X 10.4.2 and earlier, where a password may remain visible if a keychain times out during viewing. This could allow someone with physical access to see the password. The issue is addressed by Apple in the Mac OS X 10.4.3 update (and related 10.4.x pa...

CVE-2005-2739

Keychain Access in Mac OS X 10.4.2 and earlier keeps a password visible even if a keychain times out while the password is being viewed, which could allow attackers with physical access to obtain the password...

APPLE-SA-2005-10-31 Mac OS X v10.4.3

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2005-10-31 Mac OS X v10.4.3 Mac OS X v10.4.3 and Mac OS X Server v10.4.3 are now available and deliver the following security enhancements: Finder CVE-ID: CVE-2005-2749 Available for: Mac OS X v10.4.2, Mac OS X Server v10.4.2 Impact: File...

Mac OS X 10.4.x < 10.4.3 Multiple Vulnerabilities

The remote host is running a version of Mac OS X 10.4.x that is prior to 10.4.3. Mac OS X 10.4.3 contains several security fixes for : - Finder - Software Update - memberd - KeyChain - Kernel C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0; include"compat.inc"; ifdescription...

CVE-2004-0622

Apple Mac OS X 10.3.4, 10.4, 10.5, and possibly other versions does not properly clear memory for login aka Loginwindow.app, Keychain, or FileVault passwords, which could allow the root user or an attacker with physical access to obtain sensitive information by reading memory...

CVE-2004-0622

Apple Mac OS X 10.3.4, 10.4, 10.5 (and possibly other versions) do not properly clear memory for login (Loginwindow.app), Keychain, or FileVault passwords, which could allow a local attacker or someone with physical access to read sensitive information from memory. The affected components are the...

Mac OS X stores login/Keychain/FileVault passwords on disk

It seems that Mac OS X 10.3.4 tested doesn't bother clearing memory containing sensitive data, or using mlock to avoid swapping. A quick grep of the swapfiles will show up various morsels: rez: sudo strings -8 /var/vm/swapfile0 |grep -A 4 -i longname longname password user's password here /bin/zs...

DUO-PSA-2014-008: Duo Product Security Advisory

Duo Product Security Advisory Advisory ID: DUO-PSA-2014-008 Publication Date: 2014-12-22 Status: Confirmed, Fixed Document Revision: 2 Overview Duo Security has identified an issue in the iOS Duo Mobile app that may allow credentials to be backed up in an encrypted form to a user's local machine...

DUO-PSA-2014-008: Duo Product Security Advisory

Duo Product Security Advisory Advisory ID: DUO-PSA-2014-008 Publication Date: 2014-12-22 Status: Confirmed, Fixed Document Revision: 2 Overview Duo Security has identified an issue in the iOS Duo Mobile app that may allow credentials to be backed up in an encrypted form to a user's local machine...