SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Apple Xcode Vendors:   Apple
Apple Xcode Lets Remote Users Decrypt SSL/TLS Traffic
SecurityTracker Alert ID:  1027303
SecurityTracker URL:  http://securitytracker.com/id/1027303
CVE Reference:   CVE-2011-3389   (Links to External Site)
Date:  Jul 26 2012
Impact:   Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 4.4
Description:   A vulnerability was reported in Apple Xcode. A remote user can decrypt SSL/TLS sessions in certain cases.

A remote user with the ability to conduct a man-in-the-middle attack can decrypt SSL/TLS sessions.

The neon library (used by Subversion) is affected.

Impact:   A remote user with the ability to conduct a man-in-the-middle attack can decrypt SSL/TLS sessions.
Solution:   The vendor has issued a fix (4.4), available from the Downloads section of the Apple Developer Connection Member site at:

http://developer.apple.com/

Xcode 4.4 is also available from the App Store. It is free to anyone with OS X 10.7.x Lion and later.

The download file is named: "xcode446938108a.dmg"
Its SHA-1 digest is: d04393543564f85c2f4d82e507d596d3070e9aba

The vendor's advisory will be available at:

http://support.apple.com/kb/HT1222

Vendor URL:  www.apple.com/ (Links to External Site)
Cause:   Access control error
Underlying OS:  UNIX (macOS/OS X)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC