What is the severity of CVE-2012-3698?

CVE-2012-3698 has a moderate severity level due to the potential for remote attackers to exploit it to read sensitive keychain entries.

How do I fix CVE-2012-3698?

To mitigate CVE-2012-3698, upgrade to Apple Xcode 4.4 or later, which includes the necessary patches.

What versions of Xcode are affected by CVE-2012-3698?

CVE-2012-3698 affects Apple Xcode versions prior to 4.4, including all versions from 1.5.0 to 4.3.2.

What is the impact of CVE-2012-3698 on keychain security?

CVE-2012-3698 allows attackers to potentially read sensitive keychain entries from applications lacking proper bundle identifiers.

Can CVE-2012-3698 be exploited without user interaction?

Yes, remote attackers can exploit CVE-2012-3698 through a crafted application without requiring user interaction.

Vulnerability/
CVE-2012-3698

medium

CWE

264

26/7/2012

3/10/2022

6/8/2024

CVE-2012-3698

First published: Thu Jul 26 2012(Updated: )

Apple Xcode before 4.4 does not properly compose a designated requirement (DR) during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a crafted app, as demonstrated by the keychain entries of a (1) helper tool or (2) command-line tool.

Credit: product-security@apple.com

Affected Software	Affected Version	How to fix
Apple Xcode	<=4.3.3
Apple Xcode	=1.5.0
Apple Xcode	=2.0.0
Apple Xcode	=2.1.0
Apple Xcode	=2.2.0
Apple Xcode	=2.3.0
Apple Xcode	=2.4.0
Apple Xcode	=2.4.1
Apple Xcode	=3.1
Apple Xcode	=3.1.1
Apple Xcode	=3.1.2
Apple Xcode	=3.1.3
Apple Xcode	=3.1.4
Apple Xcode	=3.2.1
Apple Xcode	=3.2.2
Apple Xcode	=3.2.3
Apple Xcode	=3.2.4
Apple Xcode	=3.2.5
Apple Xcode	=4.0
Apple Xcode	=4.0.1
Apple Xcode	=4.0.2
Apple Xcode	=4.1.1
Apple Xcode	=4.2
Apple Xcode	=4.2.1
Apple Xcode	=4.3
Apple Xcode	=4.3.1
Apple Xcode	=4.3.2

Never miss a vulnerability like this again

Reference Links

http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html

Frequently Asked Questions

What is the severity of CVE-2012-3698?
CVE-2012-3698 has a moderate severity level due to the potential for remote attackers to exploit it to read sensitive keychain entries.
How do I fix CVE-2012-3698?
To mitigate CVE-2012-3698, upgrade to Apple Xcode 4.4 or later, which includes the necessary patches.
What versions of Xcode are affected by CVE-2012-3698?
CVE-2012-3698 affects Apple Xcode versions prior to 4.4, including all versions from 1.5.0 to 4.3.2.
What is the impact of CVE-2012-3698 on keychain security?
CVE-2012-3698 allows attackers to potentially read sensitive keychain entries from applications lacking proper bundle identifiers.
Can CVE-2012-3698 be exploited without user interaction?
Yes, remote attackers can exploit CVE-2012-3698 through a crafted application without requiring user interaction.

agent/type
agent/first-publish-date
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/weakness
agent/severity
agent/last-modified-date
agent/references
agent/description
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/apple
canonical/apple xcode
version/apple xcode/4.3.3
version/apple xcode/1.5.0
version/apple xcode/2.0.0
version/apple xcode/2.1.0
version/apple xcode/2.2.0
version/apple xcode/2.3.0
version/apple xcode/2.4.0
version/apple xcode/2.4.1
version/apple xcode/3.1
version/apple xcode/3.1.1
version/apple xcode/3.1.2
version/apple xcode/3.1.3
version/apple xcode/3.1.4
version/apple xcode/3.2.1
version/apple xcode/3.2.2
version/apple xcode/3.2.3
version/apple xcode/3.2.4
version/apple xcode/3.2.5
version/apple xcode/4.0
version/apple xcode/4.0.1
version/apple xcode/4.0.2
version/apple xcode/4.1.1
version/apple xcode/4.2
version/apple xcode/4.2.1
version/apple xcode/4.3
version/apple xcode/4.3.1
version/apple xcode/4.3.2