Printed from http://www.electronista.com

Apple Remote Desktop updated, closes 3.5.2 security bug

updated 09:00 pm EDT, Mon September 17, 2012

Version 3.5.3 fixes non-encryption but in previous version

Late Monday, Apple updated its Apple Remote Desktop Admin software to version 3.5.3 to fix a fault in the previous version that failed to encrypt network data even when a preference to do so was expressly checked when connecting to a third-party VNC server. Although the fault was limited to version 3.5.2 and does not affect ARD Admin 3.1 and earlier, Apple is recommending that all 3.x versions update to version 3.5.3. Discovery of the issue is being credited to a student at Central Connecticut State University.

Mark S. C. Smith found that when version 3.5.2 connected to a third-party VNC server with "Encrypt all network data" set as a preference, data was nonetheless unencrypted, and no warning was given. The issue could conceivably lead to information disclosure from the transmitted data, though no incidents of the problem have been reported. ARD 3.5.2 was released in mid-June and required OS X 10.7.4 or higher.

The issue is fixed, Apple says, by creating an SSH tunnel for the VNC connection and preventing the connection if the SSH tunnel can't be created. The new update can be obtained through Software Update for machines that have ARD installed, or directly from Apple's Software Downloads web page.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Advertisement

Recent Reviews

Seagate Wireless

It seems like no matter how much internal storage is included today's mobile devices, we, as users, will always find a way to fill the ...

Lenovo Yoga Tablet 2 (Android, 10.1-inch)

Lenovo is building a bigger name for itself year after year, including its devices expanding beyond desktop computers. The company's l ...

Brother HL-L8250CDN Color Laser Printer

When it comes to selecting a printer, the process is not exactly something most people put a lot of thought into. Printers are often t ...

Advertisement

toggle

Most Commented

 
toggle

Popular News