Apple Xcode < 4.4 Multiple Vulnerabilities (Mac OS X) (BEAST)

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.


Synopsis :

The remote host has an application installed that is affected by
multiple vulnerabilities.

Description :

The remote Mac OS X host has a version of Apple Xcode installed that
is prior to 4.4. It is, therefore, affected by multiple
vulnerabilities :

- An information disclosure vulnerability, known as BEAST,
exists in the SSL 3.0 and TLS 1.0 protocols due to a
flaw in the way the initialization vector (IV) is
selected when operating in cipher-block chaining (CBC)
modes. A man-in-the-middle attacker can exploit this
to obtain plaintext HTTP header data, by using a
blockwise chosen-boundary attack (BCBA) on an HTTPS
session, in conjunction with JavaScript code that uses
the HTML5 WebSocket API, the Java URLConnection API,
or the Silverlight WebClient API. (CVE-2011-3389)

- An information disclosure vulnerability exists that may
allow a specially crafted App Store application to read
entries in the keychain. (CVE-2012-3698)

See also :

http://support.apple.com/kb/HT5416
http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html
https://www.imperialviolet.org/2011/09/23/chromeandbeast.html
https://www.openssl.org/~bodo/tls-cbc.txt

Solution :

Upgrade to Apple Xcode version 4.4 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: MacOS X Local Security Checks

Nessus Plugin ID: 61413 ()

Bugtraq ID: 49778
54679

CVE ID: CVE-2011-3389
CVE-2012-3698