CVE-2007-4699

high

Description

The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/38485

http://www.vupen.com/english/advisories/2007/3868

http://www.us-cert.gov/cas/techalerts/TA07-319A.html

http://www.securityfocus.com/bid/26444

http://securitytracker.com/id?1018948

http://secunia.com/advisories/27643

http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html

http://docs.info.apple.com/article.html?artnum=307041

Details

Source: Mitre, NVD

Published: 2007-11-15

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity: High

EPSS

EPSS: 0.00301