Vulnerability Description
The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Mac Os X | 10.4.1 |
| Apple | Mac Os X Server | 10.4.1 |
| Apple | Safari | All versions |
Related Weaknesses (CWE)
References
- http://docs.info.apple.com/article.html?artnum=307041
- http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.htmlPatch
- http://secunia.com/advisories/27643Vendor Advisory
- http://securitytracker.com/id?1018948
- http://www.securityfocus.com/bid/26444
- http://www.us-cert.gov/cas/techalerts/TA07-319A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2007/3868
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38485
- http://docs.info.apple.com/article.html?artnum=307041
- http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.htmlPatch
- http://secunia.com/advisories/27643Vendor Advisory
- http://securitytracker.com/id?1018948
- http://www.securityfocus.com/bid/26444
- http://www.us-cert.gov/cas/techalerts/TA07-319A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2007/3868
FAQ
What is CVE-2007-4699?
CVE-2007-4699 is a vulnerability with a CVSS score of 7.5 (HIGH). The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user,...
How severe is CVE-2007-4699?
CVE-2007-4699 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4699?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Mac Os X, Apple Mac Os X Server, Apple Safari.