Apple Remote Desktop Information Disclosure Vulnerability Network Vulnerability

Summary

This host is installed with Apple Remote Desktop and is prone to information disclosure vulnerability.

Impact

Successful exploitation will allow attackers to gain sensitive information. Impact Level: Application

Solution

Upgrade to Apple Remote Desktop version 3.5.3 or later, For updates refer to http://support.apple.com/downloads/

Insight

The flaw is due to an error in application, when connecting to a third-party VNC server with 'Encrypt all network data' set, data is not encrypted and no warning is produced.

Affected

Apple Remote Desktop version 3.5.2

References

http://lists.apple.com/archives/security-announce/2012/Sep/msg00002.html
http://secunia.com/advisories/50352
http://support.apple.com/downloads
http://support.apple.com/kb/HT5462

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0681

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Linux)
Apache Tomcat Multiple Vulnerabilities - 01 Mar14
Adobe Reader Old Plugin Signature Bypass Vulnerability (Windows)
Apple Safari 'Webkit' Multiple Vulnerabilities-01 Mar14 (Mac OS X)
Apple iTunes Tutorials Window Security Bypass Vulnerability (Windows)

Take action and discover your vulnerabilities