CVE-2012-3698

Apple Xcode before 4.4 does not properly compose a designated requirement (DR) during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a crafted app, as demonstrated by the keychain entries of a (1) helper tool or (2) command-line tool.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
appleCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
applexcode
𝑥
≤ 4.3.3
applexcode
1.5.0
applexcode
2.0.0
applexcode
2.1.0
applexcode
2.2.0
applexcode
2.3.0
applexcode
2.4.0
applexcode
2.4.1
applexcode
3.1
applexcode
3.1.1
applexcode
3.1.2
applexcode
3.1.3
applexcode
3.1.4
applexcode
3.2.1
applexcode
3.2.2
applexcode
3.2.3
applexcode
3.2.4
applexcode
3.2.5
applexcode
4.0
applexcode
4.0.1
applexcode
4.0.2
applexcode
4.1.1
applexcode
4.2
applexcode
4.2.1
applexcode
4.3
applexcode
4.3.1
applexcode
4.3.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html