Main Vulnerability Database Vulnerabilities #VU44613

Cryptographic issues in macOS and macOS Server - CVE-2011-3212

Published: October 14, 2011 / Updated: August 11, 2020

Vulnerability identifier: #VU44613

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2011-3212

CWE-ID: CWE-310

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Apple Inc.

Affected software:
macOS
macOS Server

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

CoreStorage in Apple Mac OS X 10.7 before 10.7.2 does not ensure that all disk data is encrypted during the enabling of FileVault, which makes it easier for physically proximate attackers to obtain sensitive information by reading directly from the disk device.

How to mitigate CVE-2011-3212

Install update from vendor's website.

Sources

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://osvdb.org/76362
http://support.apple.com/kb/HT5002
http://support.apple.com/kb/HT5281
http://www.securityfocus.com/bid/50085

Cryptographic issues in macOS and macOS Server - CVE-2011-3212

Detailed vulnerability description

How to mitigate CVE-2011-3212

Sources

Please verify you're human