CVE-2012-0681

Currently unrated

Key Information:

Vendor: Apple
Status: Apple Remote Desktop
Vendor: CVE Published:; 22 August 2012

Summary

Apple Remote Desktop before 3.6.1 does not recognize the "Encrypt all network data" setting during connections to third-party VNC servers, which allows remote attackers to obtain cleartext VNC session content by sniffing the network.

References

http://www.securityfocus.com/bid/55100

vdb-entryx_refsource_BID

http://lists.apple.com/archives/security-announce/2012/Au...

vendor-advisoryx_refsource_APPLE

http://support.apple.com/kb/HT5433

x_refsource_CONFIRM

Timeline

Vulnerability published
Aug 22, 2012
Vulnerability Reserved
Jan 12, 2012