The SecKeyDeriveFromPassword function in Apple OS X prior to 10.12 does not use the CF_RETURNS_RETAINED keyword, which allows malicious users to obtain sensitive information from process memory by triggering key derivation.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple mac os x |