CVE-2012-3718
low
CVSS v3
—
CVSS v2
2.1
VIR risk
2.1
Description
Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: product-security@apple.com — http://support.apple.com/kb/HT5501
Vendor advisory: product-security@apple.com — http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| macos | affected | | |
| macos | 10.0 | affected | |
| macos | 10.0.0 | affected | |
| macos | 10.0.1 | affected | |
| macos | 10.0.2 | affected | |
| macos | 10.0.3 | affected | |
| macos | 10.0.4 | affected | |
| macos | 10.1 | affected | |
| macos | 10.1.0 | affected | |
| macos | 10.1.1 | affected | |
| macos | 10.1.2 | affected | |
| macos | 10.1.3 | affected | |
| macos | 10.1.4 | affected | |
| macos | 10.1.5 | affected | |
| macos | 10.2 | affected | |
| macos | 10.2.0 | affected | |
| macos | 10.2.1 | affected | |
| macos | 10.2.2 | affected | |
| macos | 10.2.3 | affected | |
| macos | 10.2.4 | affected | |
| macos | 10.2.5 | affected | |
| macos | 10.2.6 | affected | |
| macos | 10.2.7 | affected | |
| macos | 10.2.8 | affected | |
| macos | 10.3 | affected | |
| macos | 10.3.0 | affected | |
| macos | 10.3.1 | affected | |
| macos | 10.3.2 | affected | |
| macos | 10.3.3 | affected | |
| macos | 10.3.4 | affected | |
| macos | 10.3.5 | affected | |
| macos | 10.3.6 | affected | |
| macos | 10.3.7 | affected | |
| macos | 10.3.8 | affected | |
| macos | 10.3.9 | affected | |
| macos | 10.4 | affected | |
| macos | 10.4.0 | affected | |
| macos | 10.4.1 | affected | |
| macos | 10.4.2 | affected | |
| macos | 10.4.3 | affected | |
| macos | 10.4.4 | affected | |
| macos | 10.4.5 | affected | |
| macos | 10.4.6 | affected | |
| macos | 10.4.7 | affected | |
| macos | 10.4.8 | affected | |
| macos | 10.4.9 | affected | |
| macos | 10.4.10 | affected | |
| macos | 10.4.11 | affected | |
| macos | 10.5 | affected | |
| macos | 10.5.0 | affected | |
| macos | 10.5.1 | affected | |
| macos | 10.5.2 | affected | |
| macos | 10.5.3 | affected | |
| macos | 10.5.4 | affected | |
| macos | 10.5.5 | affected | |
| macos | 10.5.6 | affected | |
| macos | 10.5.7 | affected | |
| macos | 10.5.8 | affected | |
| macos | 10.6.0 | affected | |
| macos | 10.6.1 | affected | |
| macos | 10.6.2 | affected | |
| macos | 10.6.3 | affected | |
| macos | 10.6.4 | affected | |
| macos | 10.6.5 | affected | |
| macos | 10.6.6 | affected | |
| macos | 10.6.7 | affected | |
| macos | 10.6.8 | affected | |
| macos | 10.7.0 | affected | |
| macos | 10.7.1 | affected | |
| macos | 10.7.2 | affected | |
| macos | 10.7.3 | affected | |
| macos | 10.8.0 | affected | |
| macos | 10.8.1 | affected | |
References
CWEs
CWE-200
Verify integrity in audit chain (admin only). AS-IS.