Summary
This host is installed with Apple Remote Desktop and is prone to information disclosure vulnerability.
Impact
Successful exploitation will allow attackers to gain sensitive information.
Impact Level: Application
Solution
Upgrade to Apple Remote Desktop version 3.5.3 or later, For updates refer to http://support.apple.com/downloads/
Insight
The flaw is due to an error in application, when connecting to a third-party VNC server with 'Encrypt all network data' set, data is not encrypted and no warning is produced.
Affected
Apple Remote Desktop version 3.5.2
References
Severity
Classification
-
CVE CVE-2012-0681 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apple Safari JavaScript Implementation Information Disclosure Vulnerability (Windows)
- Adobe Reader Cross-Site Scripting & Denial of Service Vulnerabilities (Windows)
- Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Mac OS X)
- Apple iTunes Multiple Vulnerabilities - Apr10
- Apple Safari libxml Denial of Service Vulnerability