Japan Vulnerability NotesJVN:56210048JVN#56210048: Apple OS X authentication issue when recovering from sleep mode
3.7 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
51.7%
Apple OS X contains an issue with authentication when recovering from sleep mode. This issue exists due to a flaw in the the processing of the text entered in the dialog box upon recovering from sleep mode.
Impact
When Apple Remote Desktop is used in full screen mode and the remote connection is alive upon entering sleep mode, the text entered in the dialog box upon recovering from sleep mode is sent to the remotely connected host instead of the local host.
This may result in command execution at the remote host.
Solution
Update Apple OS X and Apple Remote Desktop
The developer has provided fixes for this issue in both Apple OS X and Apple Remote Desktop. Update both OS X and Apple Remote Desktop to the latest versions.
Products Affected
- OS X versions prior to 10.9
- Apple Remote Desktop versions prior to 3.7
Related
3.7 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
51.7%