This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote host has an application installed that is affected by
The remote Mac OS X host has Apple Xcode prior to 4.4 installed. It
therefore is reportedly affected by multiple vulnerabilities :
- Known attacks on the SSL 3.0 and TLS 1.0 protocol when a
cipher suite uses a block cipher in CBC mode could be
exploited to decrypt protected data. The neon library
disables the 'empty fragment' countermeasure that
prevented these attacks. This issue is addressed by
enabling the countermeasure. (CVE-2011-3389)
- An information disclosure vulnerability exists that may
allow a specially crafted App Store application to read
entries in the keychain. (CVE-2012-3698)
See also :
Upgrade to Apple Xcode version 4.4 or greater.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 3.7
Public Exploit Available : false
Family: MacOS X Local Security Checks
Nessus Plugin ID: 61413 ()
Bugtraq ID: 4977854679
CVE ID: CVE-2011-3389CVE-2012-3698
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.