BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

Apple Mac OS X Keychain Certificate Security Bypass

Disclosed September 2, 2011    Fully Patched

Vulnerability Description:

OS X does not properly handle the Extended Validation certificate attribute of Certificate Authority certificates. Within the Keychain, if a user has marked an Extended Validation certificate as not to be trusted, OS X will still trust it.

Vendors:

Apple

Vulnerable Software/Devices:

Apple OS X 10.6.8 and prior

Vulnerability Severity:

Medium

Exploit Availability:

N/A

BeyondTrust Prevention and Detection:

 

Mitigation:

No mitigation has been provided.

Links:

CVE(s):

None

Leave a Reply