How to Buy
This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.
The remote host has an application installed that is affected by
The remote Mac OS X host has a version of Apple Xcode installed that
is prior to 4.4. It is, therefore, affected by multiple
- An information disclosure vulnerability, known as BEAST,
exists in the SSL 3.0 and TLS 1.0 protocols due to a
flaw in the way the initialization vector (IV) is
selected when operating in cipher-block chaining (CBC)
modes. A man-in-the-middle attacker can exploit this
to obtain plaintext HTTP header data, by using a
blockwise chosen-boundary attack (BCBA) on an HTTPS
the HTML5 WebSocket API, the Java URLConnection API,
or the Silverlight WebClient API. (CVE-2011-3389)
- An information disclosure vulnerability exists that may
allow a specially crafted App Store application to read
entries in the keychain. (CVE-2012-3698)
See also :
Upgrade to Apple Xcode version 4.4 or later.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : false
Family: MacOS X Local Security Checks
Nessus Plugin ID: 61413 ()
Bugtraq ID: 4977854679
CVE ID: CVE-2011-3389CVE-2012-3698
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.