VYPR
← All advisories
Unrated severityNVD Advisory· Published Sep 12, 2011· Updated Apr 29, 2026

CVE-2011-3422

CVE-2011-3422

Description

The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Extended Validation certificate, as demonstrated by https access with Safari.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

19
  • Apple Inc./Mac OS X10 versions
    cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*+ 9 more
    • cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*range: <=10.6.8
    • cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.6.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.6.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.6.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.6.7:*:*:*:*:*:*:*
    • (no CPE)range: <=10.6.8
  • Apple Inc./Mac OS X Server9 versions
    cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*range: <=10.6.8
    • cpe:2.3:o:apple:mac_os_x_server:10.6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.6.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.6.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.6.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.6.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.6.7:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

6

News mentions

0

No linked articles in our index yet.