Apple Remote Desktop Format String Vulnerability
Last Update Date:
24 Oct 2013 10:48
Release Date:
24 Oct 2013
3187
Views
RISK: Medium Risk
TYPE: Operating Systems - Mac OS
![TYPE: Mac OS](/f/bulletin_type/100002/37p37/operation-system-macos.png)
A vulnerability has been identified in Apple Remote Desktop. A remote user can execute arbitrary code on the target system.
- A remote user can send specially crafted VNC username data to trigger a format string flaw and execute arbitrary code on the target system.
- The system may fail to warn the user when VNC is used without encryption.
Impact
- Remote Code Execution
System / Technologies affected
- Version 3.x
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- The vendor has issued a fix (3.5.4, 3.7).
Vulnerability Identifier
Source
Related Link
Share with