Home / mailings APPLE-SA-2013-10-22-7 Apple Remote Desktop 3.7
Posted on 23 October 2013
Apple Security-announce-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2013-10-22-7 Apple Remote Desktop 3.7
Apple Remote Desktop 3.7 is now available and addresses the
following:
Apple Remote Desktop
Available for: Apple Remote Desktop 3.0 or later
Impact: A warning about use of VNC without encryption may not appear
Description: If a third-party VNC server reported certain
authentication types, Remote Desktop may have used password
authentication but not warned that the connection would be
unencrypted. This issue was addressed through improved handling of
authentication types.
CVE-ID
CVE-2013-5136 : Mark S. C. Smith studying at Central Connecticut
State University
Apple Remote Desktop
Available for: Apple Remote Desktop 3.0 or later
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A format string vulnerability existed in Remote
Desktop's handling of the VNC username.
CVE-ID
CVE-2013-5135 : SilentSignal working with iDefense VCP
Apple Remote Desktop 3.7 may be obtained from the Software Update
pane, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
The download file is named: "RemoteDesktopClient3.7.dmg"
Its SHA-1 digest is: dc93c3f62309898e317fe0704ca737ad066f3d91
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
