Skip to main content

Apple Remote Desktop Format String Vulnerability

Last Update Date: 24 Oct 2013 10:48 Release Date: 24 Oct 2013 3887 Views

RISK: Medium Risk

TYPE: Operating Systems - Mac OS

TYPE: Mac OS

A vulnerability has been identified in Apple Remote Desktop. A remote user can execute arbitrary code on the target system.

  1. A remote user can send specially crafted VNC username data to trigger a format string flaw and execute arbitrary code on the target system.
  2. The system may fail to warn the user when VNC is used without encryption.

Impact

  • Remote Code Execution

System / Technologies affected

  • Version 3.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • The vendor has issued a fix (3.5.4, 3.7).

Vulnerability Identifier


Source


Related Link