Apple Keychain May Let Applications Access Locked Items
|
|
SecurityTracker Alert ID: 1016072
|
|
SecurityTracker URL: http://securitytracker.com/id?1016072
|
|
CVE Reference: CVE-2006-1446
(Links to External Site)
|
Date: May 11 2006
|
Impact: User access via local system
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Apple Security Advisory
|
Description: A vulnerability was reported in Apple Keychain. An application may be able to access Keychain items when the Keychain is locked.
An application that has obtained a reference to a Keychain item before the Keychain was locked may be able to continue using that
Keychain item under certain conditions.
Apple credits Tobias Hahn of HU Berlin with reporting this vulnerability.
|
Impact: A local user may be able access locked Keychain items.
|
Solution: Apple has issued a fix as part of Security Update 2006-003, available via Software Update preferences and at Apple Downloads:
http://www.apple.com/support/downloads/
The Apple security advisory is available at:
http://docs.info.apple.com/article.html?artnum=303737
|
Vendor URL: docs.info.apple.com/article.html?artnum=303737 (Links to External Site)
|
Cause: Access control error
|
Underlying OS: UNIX (OS X)
|
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
