Apple Remote Desktop Format String Vulnerability
Last Update Date:
24 Oct 2013 10:48
Release Date:
24 Oct 2013
3887
Views
RISK: Medium Risk
TYPE: Operating Systems - Mac OS
A vulnerability has been identified in Apple Remote Desktop. A remote user can execute arbitrary code on the target system.
- A remote user can send specially crafted VNC username data to trigger a format string flaw and execute arbitrary code on the target system.
- The system may fail to warn the user when VNC is used without encryption.
Impact
- Remote Code Execution
System / Technologies affected
- Version 3.x
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- The vendor has issued a fix (3.5.4, 3.7).
Vulnerability Identifier
Source
Related Link
Share with