Apple Patches Remote Desktop Flaw

Apple patched a vulnerability in its remote desktop product where the connection isn't being encrypted correctly. This may result in information disclosure, Apple said in its advisory.


http://support.apple.com/kb/DL1570

http://support.apple.com/kb/HT5433


Even if the user had "Encrypt all network data" selected, connecting to a third-party VNC server may result in "information disclosure" because data is not encrypted, according to a security advisory posted on the Apple website Aug. 20. The vulnerability does not affect Remote Desktop versions 3.5.1 and earlier, and version 3.6.1 is now available from the Mac App Store or Apple's Software Update Pane, or Apple's Software Downloads web site.


The download file is named "RemoteDesktopAdmin361.dmg"


The bug is a serious flaw because users don't see any warnings that the data is not being encrypted. Not knowing the data is exposed, they may send sensitive information that can be intercepted and used maliciously. The vulnerability was addressed by adding an SSH tunnel to the connection to wrap all communications within the encrypted tunnel, Apple said.


http://www.securityweek.com/apple-patches-remote-desktop-flaw



Mac Pro, Windows 8 Preview x64 3.2GHz

Posted on Aug 21, 2012 10:42 AM
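
The post above describes sessions to third-party VNC servers going out unencrypted, with an SSH tunnel as the fix. As an added example (not part of the original post and not Apple's code), this sketch parses the server side of an RFB (VNC) handshake and reports when every offered security type leaves the session in cleartext, which is the case where a tunnel is needed. The handshake layout and type codes follow RFC 6143, not the post; the function names and sample byte strings are constructed for illustration.

```python
import struct

# RFB security types that leave the session itself unencrypted (RFC 6143).
# Any other code (e.g. 18 TLS, 19 VeNCrypt) needs its own inspection.
CLEARTEXT = {1: "None", 2: "VNC Authentication"}

def offered_security_types(server_bytes: bytes) -> tuple[str, list[int]]:
    """Parse the server's ProtocolVersion and security-type offer."""
    if len(server_bytes) < 12 or not server_bytes.startswith(b"RFB "):
        raise ValueError("not an RFB ProtocolVersion message")
    version = server_bytes[4:11].decode("ascii")      # e.g. "003.008"
    major, minor = (int(part) for part in version.split("."))
    body = server_bytes[12:]
    if (major, minor) < (3, 7):
        # RFB 3.3: the server dictates a single type as a big-endian u32.
        if len(body) < 4:
            raise ValueError("truncated security type")
        (sec_type,) = struct.unpack(">I", body[:4])
        if sec_type == 0:
            raise ValueError("server refused the connection")
        return version, [sec_type]
    # RFB 3.7 and later: u8 count followed by that many u8 type codes.
    if not body:
        raise ValueError("truncated security-type list")
    count = body[0]
    if count == 0:
        raise ValueError("server refused the connection")
    types = list(body[1:1 + count])
    if len(types) != count:
        raise ValueError("truncated security-type list")
    return version, types

def needs_tunnel(server_bytes: bytes) -> bool:
    """True when every offered type leaves the session in cleartext."""
    _, types = offered_security_types(server_bytes)
    return all(t in CLEARTEXT for t in types)

# Constructed server-to-client bytes, not captured traffic.
SAMPLE_CLEARTEXT = b"RFB 003.008\n" + bytes([2, 1, 2])   # None, VNC Auth
SAMPLE_VENCRYPT = b"RFB 003.008\n" + bytes([1, 19])      # VeNCrypt only
SAMPLE_RFB33 = b"RFB 003.003\n" + struct.pack(">I", 2)   # VNC Auth

if __name__ == "__main__":
    for name, data in [("cleartext", SAMPLE_CLEARTEXT),
                       ("vencrypt", SAMPLE_VENCRYPT),
                       ("rfb3.3", SAMPLE_RFB33)]:
        print(name, offered_security_types(data), needs_tunnel(data))
```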
