0 Replies
      Latest reply on Jun 4, 2018 3:40 PM by amuc
      amuc Level 1 Level 1 (0 points)

        The page https://support.apple.com/en-us/HT205031 claims the vulnerability CVE-2013-7040 has been corrected by updating to Python 2.7.10. But since this vulnerability has not been corrected upstream I wonder how Apple corrected it?

        when I run the script https://131002.net/siphash/poc.py which shows the vulnerability on my Mac with "El Capitan" and Python 2.7.10 it shows the problem seems to still be there:

        mymac:Desktop user$ python --version
        Python 2.7.10
        mymac:Desktop user$ python -R poc.py
        48 candidate solutions
        Verified solutions for _Py_HashSecret:
        2e6c631ab443a33b 00db6e2ed6d39408
        ae6c631ab443a33b 80db6e2ed6d39408