Printed from http://www.electronista.com

Apple Remote Desktop updated, closes 3.5.2 security bug

updated 09:00 pm EDT, Mon September 17, 2012

Version 3.5.3 fixes non-encryption but in previous version

Late Monday, Apple updated its Apple Remote Desktop Admin software to version 3.5.3 to fix a fault in the previous version that failed to encrypt network data even when a preference to do so was expressly checked when connecting to a third-party VNC server. Although the fault was limited to version 3.5.2 and does not affect ARD Admin 3.1 and earlier, Apple is recommending that all 3.x versions update to version 3.5.3. Discovery of the issue is being credited to a student at Central Connecticut State University.

Mark S. C. Smith found that when version 3.5.2 connected to a third-party VNC server with "Encrypt all network data" set as a preference, data was nonetheless unencrypted, and no warning was given. The issue could conceivably lead to information disclosure from the transmitted data, though no incidents of the problem have been reported. ARD 3.5.2 was released in mid-June and required OS X 10.7.4 or higher.

The issue is fixed, Apple says, by creating an SSH tunnel for the VNC connection and preventing the connection if the SSH tunnel can't be created. The new update can be obtained through Software Update for machines that have ARD installed, or directly from Apple's Software Downloads web page.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Adesso Xtream S3B Bluetooth speaker

Finding a speaker purpose-built for a specific need is challenging. Even when a Bluetooth speaker can be paired with a mobile device, ...

JBL Synchros E40BT headphones

For all the different configurations of headphones on the market, it's always a tough choice for buyers to get something that is just ...

Razer Taipan mouse

The list of gaming devices is growing larger with each passing day. A large number of companies have entered the gaming input arena, a ...

Sponsor

toggle

Most Commented

 
toggle

Popular News