Published: 02/04/2017 Updated: 08/03/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

An issue exists in certain Apple products. iOS prior to 10.3 is affected. macOS prior to 10.12.4 is affected. tvOS prior to 10.2 is affected. The issue involves the "Keychain" component. It allows man-in-the-middle malicious users to bypass an iCloud Keychain secret protection mechanism by leveraging lack of authentication for OTR packets.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple mac os x
apple watchos
apple tvos
apple iphone os

Apple iCloud Keychain easily slurped by cops, ElcomSoft claims

The Register • Thomas Claburn in San Francisco • 22 Aug 2017

Credentials stored in the cloud succumb to forensic software

ElcomSoft, the Russia-based maker of forensic software, has managed to find a way for crime investigators to access the data stored in Apple's iCloud Keychain, if Apple ID account credentials are available. Apple's iCloud Keychain is a remote copy of the password vault that's optionally available to users of iOS and macOS devices. If enabled, it can store copies of credentials for Safari websites, for services like Facebook, Twitter and LinkedIn, and for applications like Calendar, Contacts, and...

CVE-2017-2448

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect