PT-2016-6112 · Apple · Os X

Mark Rogers

Published

2016-09-25

Updated

2017-07-30

CVE-2016-4752

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Apple OS X versions prior to 10.12

Description The issue concerns the SecKeyDeriveFromPassword function, which does not use the CF RETAINS RETAINED keyword. This allows attackers to obtain sensitive information from process memory by triggering key derivation.

Recommendations For versions prior to 10.12, update to Apple OS X version 10.12 or later to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2016-4752

Affected Products

Os X

PT-2016-6112 · Apple · Os X

CVE-2016-4752

Weakness Enumeration

Related Identifiers

Affected Products

References · 6