CVE-2011-3422

Apple Mac OS X <10.6.8 - Man-In-The-Middle

Title source: llm
STIX 2.1

Description

The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Extended Validation certificate, as demonstrated by https access with Safari.

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/49429
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5130
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1026002
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/69556

Scores

EPSS 0.0086
EPSS Percentile 54.2%

Details

CWE
CWE-20
Status published
Products (18)
apple/mac_os_x 10.6.0
apple/mac_os_x 10.6.1
apple/mac_os_x 10.6.2
apple/mac_os_x 10.6.3
apple/mac_os_x 10.6.4
apple/mac_os_x 10.6.5
apple/mac_os_x 10.6.6
apple/mac_os_x 10.6.7
apple/mac_os_x < 10.6.8
apple/mac_os_x_server 10.6.0
... and 8 more
Published Sep 12, 2011
Tracked Since Feb 18, 2026