CVE-2011-3212

LOW

Description

CoreStorage in Apple Mac OS X 10.7 before 10.7.2 does not ensure that all disk data is encrypted during the enabling of FileVault, which makes it easier for physically proximate attackers to obtain sensitive information by reading directly from the disk device.

References

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

http://lists.apple.com/archives/security-announce/2012/May/msg00001.html

http://osvdb.org/76362

http://support.apple.com/kb/HT5002

http://support.apple.com/kb/HT5281

http://www.securityfocus.com/bid/50085

Details

Source: MITRE

Published: 2011-10-14

Updated: 2012-05-12

Type: CWE-310

Risk Information

CVSS v2.0

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW