This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Apple First view 2013-10-23
Product Apple Remote Desktop Last view 2015-11-13
Version 3.2.1 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:apple:apple_remote_desktop

Activity : Overall

Related : CVE

  Date Alert Description
3.7 2015-11-13 CVE-2013-5229

The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box.

4.3 2013-10-23 CVE-2013-5136

Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network during an unintended cleartext VNC session.

7.5 2013-10-23 CVE-2013-5135

Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username.

CWE : Common Weakness Enumeration

%idName
33% (1) CWE-254 Security Features
33% (1) CWE-200 Information Exposure
33% (1) CWE-134 Uncontrolled Format String

ExploitDB Exploits

id Description
29168 Apple Remote Desktop 3.7 - PoC

Nessus® Vulnerability Scanner

id Description
2013-10-25 Name: The Mac OS X host has a remote management application that is potentially aff...
File: macosx_remote_desktop_3_7.nasl - Type: ACT_GATHER_INFO
2013-10-23 Name: The remote host is missing a Mac OS X update that fixes multiple security vul...
File: macosx_10_9.nasl - Type: ACT_GATHER_INFO