exploit the possibilities

Apple Security Advisory 2012-07-25-2

Apple Security Advisory 2012-07-25-2
Posted Jul 27, 2012
Authored by Apple | Site apple.com

Apple Security Advisory 2012-07-25-2 - Xcode 4.4 is now available and addresses SSL and keychain access vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2011-3389, CVE-2012-3698
MD5 | 342802618f17d83c20c098e8ac1958eb

Apple Security Advisory 2012-07-25-2

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2012-07-25-2 Xcode 4.4

Xcode 4.4 is now available and addresses the following:

neon
Available for: OS X Lion v10.7.4 and later
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of SSL
3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode.
The neon library (used by Subversion) disabled the 'empty fragment'
countermeasure which prevented these attacks. This issue is addressed
by enabling the countermeasure.
CVE-ID
CVE-2011-3389

Xcode
Available for: OS X Lion v10.7.4 and later
Impact: Helper tools built with Xcode allow any App Store
application to read their keychain entries
Description: All signed programs contain a designated requirement
(DR) which states, from the perspective of the developer of the
program, what constraints a program needs to satisfy in order to be
considered an instance of this program. When a Developer ID was used
with Xcode to sign a product that did not have a bundle identifier,
such as a command-line tool or an embedded helper, the generated DR
for the product did not include the developer's ID in the part of the
DR that applies to apps signed by the App Store. As a result, any App
Store app may have accessed keychain items created by the product.
This is addressed by generating a DR with improved checks. Affected
products need to be re-signed with this version of Xcode to include
the improved DR.
CVE-ID
CVE-2012-3698

Xcode 4.4 may be obtained from the Downloads section of the
Apple Developer Connection Member site: http://developer.apple.com/
Login is required, and membership is free.

Xcode 4.4 is also available from the App Store. It is free to anyone
with OS X 10.7.x Lion and later.

The download file is named: "xcode446938108a.dmg"
Its SHA-1 digest is: d04393543564f85c2f4d82e507d596d3070e9aba

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJQDy5fAAoJEPefwLHPlZEwWasP/iuE4F9PkoV01YyZlBeoQ/qE
zn62KshgNUkVq0TPe/leKG0UXWxYsPQQy1+KC9o7ULnGZWrQLexO7ZySz3eImbIW
VdPXslMzEbk3YiRi/syeo16IwZheMqatKTS47NTG5xREg17vos889xbqxML4ijNN
4IysAFqewbG1qdvu35RkO4uhxO/+6pLiXjkQx/z21ml8S3ZZNnPxCE/9sGWqIJ7R
pO/9+hIecX05wtSUCkqfARZxObSDs0VTQZUak+8fKAF8k5aNY8GdnMrxNBCX9vkU
hHgLTQ4lXaqSv2UEhbkjaZuLHHNFkNINf1pbABDWASiATP0wSLVFYM3KabMqid8I
WS4b3aplqi5GqOHqRWOTtbSTsPJC73DF1PrHlvPZm7WYQmIrF6DPIlmIfK058Fqp
QRpz3H1cZwFf2B/oS4VGwtqjj606lRn7En3psMRlCyKSTdUYPd5dzCIyg8CNlpuy
9AAKEU6fhY2JCEm+2LtqdBZI+WvCET50hD9ZEzkq/2m/sazASJ5W9VtH1JzFHm9N
RvE4NS6k/u6BLU2zsUiqJ/cyVGMV7RF3gIEi+NXAShFNHfavDPgoTN2MPkeT3V0C
sa6X/O3dn4F9PFJZvqKyHKeBRI0lV3PSgKP/xC/K+cD/YraFFFvUn7XoVZ2A8uPW
bYcdpG4AJaNdEGZY71xq
=OWIG
-----END PGP SIGNATURE-----

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

May 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    16 Files
  • 2
    May 2nd
    8 Files
  • 3
    May 3rd
    8 Files
  • 4
    May 4th
    2 Files
  • 5
    May 5th
    1 Files
  • 6
    May 6th
    15 Files
  • 7
    May 7th
    22 Files
  • 8
    May 8th
    16 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    16 Files
  • 11
    May 11th
    3 Files
  • 12
    May 12th
    4 Files
  • 13
    May 13th
    25 Files
  • 14
    May 14th
    24 Files
  • 15
    May 15th
    78 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    16 Files
  • 18
    May 18th
    2 Files
  • 19
    May 19th
    1 Files
  • 20
    May 20th
    11 Files
  • 21
    May 21st
    21 Files
  • 22
    May 22nd
    20 Files
  • 23
    May 23rd
    36 Files
  • 24
    May 24th
    2 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close