CVE-2012-3698

Severity Score

5.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Apple Xcode before 4.4 does not properly compose a designated requirement (DR) during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a crafted app, as demonstrated by the keychain entries of a (1) helper tool or (2) command-line tool.

Apple Xcode antes de v4.4 no compone adecuadamente una solicitud designada (DR) durante la firma de programas que no cuenta con identificadores de paquetes, lo que permite a atacantes remotos leer las entradas de la keychain a través de una aplicación hecha para tal fin, tal y como se demuestra con las entradas de keychain de (1) una herramienta de ayuda o (2) de la línea de comandos.

*Credits: N/A

CVSS Scores

NISTv2 5.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2012-06-19 CVE Reserved
2012-07-26 CVE Published
2024-09-16 CVE Updated
2024-09-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html	2012-07-31

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apple Search vendor "Apple"		Xcode Search vendor "Apple" for product "Xcode"				<= 4.3.3 Search vendor "Apple" for product "Xcode" and version " <= 4.3.3"		-		Affected
Apple Search vendor "Apple"		Xcode Search vendor "Apple" for product "Xcode"				1.5.0 Search vendor "Apple" for product "Xcode" and version "1.5.0"		-		Affected
Apple Search vendor "Apple"		Xcode Search vendor "Apple" for product "Xcode"				2.0.0 Search vendor "Apple" for product "Xcode" and version "2.0.0"		-		Affected
Apple Search vendor "Apple"		Xcode Search vendor "Apple" for product "Xcode"				2.1.0 Search vendor "Apple" for product "Xcode" and version "2.1.0"		-		Affected
Apple Search vendor "Apple"		Xcode Search vendor "Apple" for product "Xcode"				2.2.0 Search vendor "Apple" for product "Xcode" and version "2.2.0"		-		Affected
Apple Search vendor "Apple"		Xcode Search vendor "Apple" for product "Xcode"				2.3.0 Search vendor "Apple" for product "Xcode" and version "2.3.0"		-		Affected
Apple Search vendor "Apple"		Xcode Search vendor "Apple" for product "Xcode"				2.4.0 Search vendor "Apple" for product "Xcode" and version "2.4.0"		-		Affected
Apple Search vendor "Apple"		Xcode Search vendor "Apple" for product "Xcode"				2.4.1 Search vendor "Apple" for product "Xcode" and version "2.4.1"		-		Affected
Apple Search vendor "Apple"		Xcode Search vendor "Apple" for product "Xcode"				3.1 Search vendor "Apple" for product "Xcode" and version "3.1"		-		Affected
Apple Search vendor "Apple"		Xcode Search vendor "Apple" for product "Xcode"				3.1.1 Search vendor "Apple" for product "Xcode" and version "3.1.1"		-		Affected
Apple Search vendor "Apple"		Xcode Search vendor "Apple" for product "Xcode"				3.1.2 Search vendor "Apple" for product "Xcode" and version "3.1.2"		-		Affected
Apple Search vendor "Apple"		Xcode Search vendor "Apple" for product "Xcode"				3.1.3 Search vendor "Apple" for product "Xcode" and version "3.1.3"		-		Affected
Apple Search vendor "Apple"		Xcode Search vendor "Apple" for product "Xcode"				3.1.4 Search vendor "Apple" for product "Xcode" and version "3.1.4"		-		Affected
Apple Search vendor "Apple"		Xcode Search vendor "Apple" for product "Xcode"				3.2.1 Search vendor "Apple" for product "Xcode" and version "3.2.1"		-		Affected
Apple Search vendor "Apple"		Xcode Search vendor "Apple" for product "Xcode"				3.2.2 Search vendor "Apple" for product "Xcode" and version "3.2.2"		-		Affected
Apple Search vendor "Apple"		Xcode Search vendor "Apple" for product "Xcode"				3.2.3 Search vendor "Apple" for product "Xcode" and version "3.2.3"		-		Affected
Apple Search vendor "Apple"		Xcode Search vendor "Apple" for product "Xcode"				3.2.4 Search vendor "Apple" for product "Xcode" and version "3.2.4"		-		Affected
Apple Search vendor "Apple"		Xcode Search vendor "Apple" for product "Xcode"				3.2.5 Search vendor "Apple" for product "Xcode" and version "3.2.5"		-		Affected
Apple Search vendor "Apple"		Xcode Search vendor "Apple" for product "Xcode"				4.0 Search vendor "Apple" for product "Xcode" and version "4.0"		-		Affected
Apple Search vendor "Apple"		Xcode Search vendor "Apple" for product "Xcode"				4.0.1 Search vendor "Apple" for product "Xcode" and version "4.0.1"		-		Affected
Apple Search vendor "Apple"		Xcode Search vendor "Apple" for product "Xcode"				4.0.2 Search vendor "Apple" for product "Xcode" and version "4.0.2"		-		Affected
Apple Search vendor "Apple"		Xcode Search vendor "Apple" for product "Xcode"				4.1.1 Search vendor "Apple" for product "Xcode" and version "4.1.1"		-		Affected
Apple Search vendor "Apple"		Xcode Search vendor "Apple" for product "Xcode"				4.2 Search vendor "Apple" for product "Xcode" and version "4.2"		-		Affected
Apple Search vendor "Apple"		Xcode Search vendor "Apple" for product "Xcode"				4.2.1 Search vendor "Apple" for product "Xcode" and version "4.2.1"		-		Affected
Apple Search vendor "Apple"		Xcode Search vendor "Apple" for product "Xcode"				4.3 Search vendor "Apple" for product "Xcode" and version "4.3"		-		Affected
Apple Search vendor "Apple"		Xcode Search vendor "Apple" for product "Xcode"				4.3.1 Search vendor "Apple" for product "Xcode" and version "4.3.1"		-		Affected
Apple Search vendor "Apple"		Xcode Search vendor "Apple" for product "Xcode"				4.3.2 Search vendor "Apple" for product "Xcode" and version "4.3.2"		-		Affected