Remote Desktop Vulnerability in Apple Product
CVE-2012-0681

Currently unrated

Key Information:

Vendor: Apple
Status: Apple Remote Desktop
Vendor: CVE Published:; 22 August 2012

Summary

Apple Remote Desktop, prior to version 3.6.1, fails to adhere to the 'Encrypt all network data' option when establishing connections with third-party VNC servers. This oversight allows attackers to intercept and access unencrypted VNC session data over the network, leading to potential exposure of sensitive information. It is crucial for users to update their software to the latest version to mitigate this security risk.

References

http://www.securityfocus.com/bid/55100

vdb-entryx_refsource_BID

http://lists.apple.com/archives/security-announce/2012/Au...

vendor-advisoryx_refsource_APPLE

http://support.apple.com/kb/HT5433

x_refsource_CONFIRM

Timeline

Vulnerability published
Aug 22, 2012
Vulnerability Reserved
Jan 12, 2012