Downgrade Vulnerability in iOS, tvOS, and OS X from Apple
CVE-2016-4644
6.5 MEDIUM
Summary
An issue was identified in various Apple products where HTTP authentication credentials stored in the Keychain could be vulnerable to downgrade attacks. This could potentially allow unauthorized access to sensitive data, because an attacker might leverage older authentication methods. The issue has been addressed by ensuring that authentication types are securely stored alongside the credentials in the Keychain.
References
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved