Home / mailings APPLE-SA-2013-10-22-6 Apple Remote Desktop 3.5.4
Posted on 23 October 2013
Apple Security-announce-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2013-10-22-6 Apple Remote Desktop 3.5.4
Apple Remote Desktop 3.5.4 is now available and addresses the
following:
Apple Remote Desktop
Available for: Apple Remote Desktop 3.0 or later
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A format string vulnerability existed in Remote
Desktop's handling of the VNC username.
CVE-ID
CVE-2013-5135 : SilentSignal working with iDefense VCP
Apple Remote Desktop 3.5.4 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
The download file is named: "ARDClient3.5.4.dmg"
Its SHA-1 digest is: 5c22ffdabe875da62644331e63e64d6b27ad9afc
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
