Apple Keychain May Let Applications Access Locked Items
|
|
SecurityTracker Alert ID: 1016072 |
|
SecurityTracker URL: http://securitytracker.com/id/1016072
|
|
CVE Reference:
CVE-2006-1446
(Links to External Site)
|
Date: May 11 2006
|
Impact:
User access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
A vulnerability was reported in Apple Keychain. An application may be able to access Keychain items when the Keychain is locked.
An application that has obtained a reference to a Keychain item before the Keychain was locked may be able to continue using that Keychain item under certain conditions.
Apple credits Tobias Hahn of HU Berlin with reporting this vulnerability.
|
Impact:
A local user may be able access locked Keychain items.
|
Solution:
Apple has issued a fix as part of Security Update 2006-003, available via Software Update preferences and at Apple Downloads:
http://www.apple.com/support/downloads/
The Apple security advisory is available at:
http://docs.info.apple.com/article.html?artnum=303737
|
Vendor URL: docs.info.apple.com/article.html?artnum=303737 (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
UNIX (OS X)
|
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
