Apple Online Store Kit in Apple OS X before 10.11 improperly validates iCloud keychain item ACLs, which allows attackers to obtain access to keychain items via a crafted app.
Base Score: 4.3
Impact Score: 2.9
Exploitability Score: 8.6
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* versions up to 10.10.5 (inclusive)
View all (2 total)