{"id":5581,"date":"2012-08-23T09:41:16","date_gmt":"2012-08-23T16:41:16","guid":{"rendered":"http:\/\/www.intego.com\/mac-security-blog\/?p=5581"},"modified":"2013-04-10T07:35:20","modified_gmt":"2013-04-10T14:35:20","slug":"apple-releases-security-updates-for-apple-remote-desktop-3-0-or-later","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/apple-releases-security-updates-for-apple-remote-desktop-3-0-or-later\/","title":{"rendered":"Apple Releases Security Updates for Apple Remote Desktop 3.0 or Later"},"content":{"rendered":"

On August 20, Apple released security updates to fix vulnerabilities found in Apple Remote Desktop. The recommended update is available for Apple Remote Desktop 3.0 or later, which fixes an issue when connecting to a third-party VNC server with \u201cEncrypt all network data\u201d set. Outlined under CVE-2012-0681<\/a>, the vulnerability allows remote attackers to \u201cobtain cleartext VNC session content by sniffing the network,\u201d leading to possible information disclosure.<\/p>\n

Apple further described<\/a> the vulnerability:<\/p>\n

When connecting to a third-party VNC server with “Encrypt all network data” set, data is not encrypted and no warning is produced. This issue is addressed by creating an SSH tunnel for the VNC connection in this configuration, and preventing the connection if the SSH tunnel cannot be created. This issue does not affect Apple Remote Desktop 3.5.1 and earlier.<\/p><\/blockquote>\n

Apple Remote Desktop 3.6.1 may be obtained from the Mac App Store, the Software Update pane in System Preferences, or Apple\u2019s Software Downloads<\/a> page.<\/p>\n","protected":false},"excerpt":{"rendered":"

On August 20, Apple released security updates to fix vulnerabilities found in Apple Remote Desktop. The recommended update is available for Apple Remote Desktop 3.0 or later, which fixes an issue when connecting to a third-party VNC server with \u201cEncrypt all network data\u201d set. Outlined under CVE-2012-0681, the vulnerability allows remote attackers to \u201cobtain cleartext […]<\/p>\n","protected":false},"author":4,"featured_media":8761,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[13],"tags":[3151,349,201],"yoast_head":"\n\n\n\n\n\n\n\n\n\n\n\n\n\t\n\t\n\n\n\t\n\t\n\t\n