SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   Keychain Access Vendors:   Apple
Apple Keychain May Let Applications Access Locked Items
SecurityTracker Alert ID:  1016072
SecurityTracker URL:  http://securitytracker.com/id/1016072
CVE Reference:   CVE-2006-1446   (Links to External Site)
Date:  May 11 2006
Impact:   User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Apple Keychain. An application may be able to access Keychain items when the Keychain is locked.

An application that has obtained a reference to a Keychain item before the Keychain was locked may be able to continue using that Keychain item under certain conditions.

Apple credits Tobias Hahn of HU Berlin with reporting this vulnerability.

Impact:   A local user may be able access locked Keychain items.
Solution:   Apple has issued a fix as part of Security Update 2006-003, available via Software Update preferences and at Apple Downloads:

http://www.apple.com/support/downloads/

The Apple security advisory is available at:

http://docs.info.apple.com/article.html?artnum=303737

Vendor URL:  docs.info.apple.com/article.html?artnum=303737 (Links to External Site)
Cause:   Access control error
Underlying OS:  UNIX (macOS/OS X)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC