Apple Remote Desktop Information Disclosure Vulnerability Network Vulnerability

Summary

This host is installed with Apple Remote Desktop and is prone to information disclosure vulnerability.

Impact

Successful exploitation will allow attackers to gain sensitive information. Impact Level: Application

Solution

Upgrade to Apple Remote Desktop version 3.5.3 or later, For updates refer to http://support.apple.com/downloads/

Insight

The flaw is due to an error in application, when connecting to a third-party VNC server with 'Encrypt all network data' set, data is not encrypted and no warning is produced.

Affected

Apple Remote Desktop version 3.5.2

References

http://lists.apple.com/archives/security-announce/2012/Sep/msg00002.html
http://secunia.com/advisories/50352
http://support.apple.com/downloads
http://support.apple.com/kb/HT5462

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0681

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apple Safari 'Webkit' Information Disclosure Vulnerability (Win)
Adobe Reader 'SWF' Information Disclosure Vulnerability (Windows)
Adobe Reader Plugin Signature Bypass Vulnerability (Mac OS X)
Adobe Flex SDK 'SWF' Files Cross-Site Scripting Vulnerability (Windows)
Apache Tomcat Multiple Vulnerabilities - 02 Mar14

Take action and discover your vulnerabilities