PT-2015-4097 · Apple · Os X
Frode Moe
+1
·
Published
2015-01-30
·
Updated
2017-09-08
·
CVE-2014-8831
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
OS X versions prior to 10.10.2
Description
The issue allows attackers to read group-ACL-restricted keychain items of arbitrary apps via a crafted app with a signature from a self-signed certificate or Developer ID certificate.
Recommendations
For OS X versions prior to 10.10.2, update to version 10.10.2 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Os X