Design/Logic Flaw

2015-08-1623:59:00

PRIOn knowledge base

www.prio-n.com

5.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

29.1%

JSON

The Dictionary app in Apple OS X before 10.10.5 does not use HTTPS, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof word definitions by modifying the client-server data stream.

CPENameOperatorVersion
mac_os_xle10.10.4

CPE	Name	Operator	Version
	mac_os_x	le	10.10.4

References

lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

www.securityfocus.com/bid/76340

www.securitytracker.com/id/1033276

support.apple.com/kb/HT205031