Apple Xcode < 4.4 Multiple Vulnerabilities (Mac OS X) (BEAST)

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.

Synopsis :

The remote host has an application installed that is affected by
multiple vulnerabilities.

Description :

The remote Mac OS X host has a version of Apple Xcode installed that
is prior to 4.4. It is, therefore, affected by multiple
vulnerabilities :

- An information disclosure vulnerability, known as BEAST,
  exists in the SSL 3.0 and TLS 1.0 protocols due to a
  flaw in the way the initialization vector (IV) is
  selected when operating in cipher-block chaining (CBC)
  modes. A man-in-the-middle attacker can exploit this
  to obtain plaintext HTTP header data, by using a
  blockwise chosen-boundary attack (BCBA) on an HTTPS
  session, in conjunction with JavaScript code that uses
  the HTML5 WebSocket API, the Java URLConnection API,
  or the Silverlight WebClient API. (CVE-2011-3389)

- An information disclosure vulnerability exists that may
  allow a specially crafted App Store application to read
  entries in the keychain. (CVE-2012-3698)

Solution :

Upgrade to Apple Xcode version 4.4 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 3.7
Public Exploit Available : false

Family: MacOS X Local Security Checks

Nessus Plugin ID: 61413

Bugtraq ID: 49778

CVE ID: CVE-2011-3389