Mac OS X Keychain Certificate Settings Can Be Bypassed By Remote Users

SecurityTracker Alert ID: 1026002
SecurityTracker URL: http://securitytracker.com/id/1026002
CVE Reference: CVE-2011-3422
Updated: Sep 14 2011
Original Entry Date: Sep 2 2011
Impact: Modification of system information
Exploit Included: Yes
Version(s): 10.6.8 and prior versions

Description:
A vulnerability was reported in Mac OS X. A remote user can bypass keychain certificate settings in certain cases.
The Mac OS X operating system will accept an Extended Validation certificate as valid even if the user has marked the root certificate authority (CA) trust settings in Keychain Access as "Never Trust".
Ryan Sleevi reported this vulnerability.

Impact:
A remote user can bypass keychain certificate settings in certain cases.

Solution:
No solution was available at the time of this entry.

Vendor URL: www.apple.com/

Cause:
Access control error

Underlying OS:

Message History:
None.

Source Message Contents

Date: Fri, 02 Sep 2011 02:08:16 +0000
Subject: Mac OS X

http://www.macworld.com/article/162086/2011/08/mac_os_x_cant_properly_revoke_dodgy_digital_certificates.html
http://arstechnica.com/apple/news/2011/09/safari-users-still-susceptible-to-attacks-using-fake-diginotar-certs.ars