Apple Xcode < 4.4 Multiple Vulnerabilities (Mac OS X)

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote host has an application installed that is affected by
multiple vulnerabilities.

Description :

The remote Mac OS X host has a version of Apple Xcode prior to 4.4
installed. It is therefore reportedly affected by multiple vulnerabilities :

- Known attacks on the SSL 3.0 and TLS 1.0 protocols, which
apply when a cipher suite uses a block cipher in CBC mode,
could be exploited to decrypt protected data. The neon library
disables the 'empty fragment' countermeasure that
prevented these attacks. This issue is addressed by
enabling the countermeasure. (CVE-2011-3389)

- An information disclosure vulnerability exists that may
allow a specially crafted App Store application to read
entries in the keychain. (CVE-2012-3698)

See also :

http://support.apple.com/kb/HT5416
http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html

Solution :

Upgrade to Apple Xcode version 4.4 or greater.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: MacOS X Local Security Checks

Nessus Plugin ID: 61413

Bugtraq ID: 49778
54679

CVE ID: CVE-2011-3389
CVE-2012-3698