Printed from http://www.electronista.com

Apple Remote Desktop updated, closes 3.5.2 security bug

updated 09:00 pm EDT, Mon September 17, 2012

Version 3.5.3 fixes non-encryption but in previous version

Late Monday, Apple updated its Apple Remote Desktop Admin software to version 3.5.3 to fix a fault in the previous version that failed to encrypt network data even when a preference to do so was expressly checked when connecting to a third-party VNC server. Although the fault was limited to version 3.5.2 and does not affect ARD Admin 3.1 and earlier, Apple is recommending that all 3.x versions update to version 3.5.3. Discovery of the issue is being credited to a student at Central Connecticut State University.

Mark S. C. Smith found that when version 3.5.2 connected to a third-party VNC server with "Encrypt all network data" set as a preference, data was nonetheless unencrypted, and no warning was given. The issue could conceivably lead to information disclosure from the transmitted data, though no incidents of the problem have been reported. ARD 3.5.2 was released in mid-June and required OS X 10.7.4 or higher.

The issue is fixed, Apple says, by creating an SSH tunnel for the VNC connection and preventing the connection if the SSH tunnel can't be created. The new update can be obtained through Software Update for machines that have ARD installed, or directly from Apple's Software Downloads web page.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Dell AD211 Bluetooth speaker

For all of the high-priced, over-engineered Bluetooth speakers in the electronics market, there is still room for mass-market solution ...

VisionTek 128GB USB Pocket SSD

USB flash drives dealt the death blow to both the floppy and Zip drives. While still faster than either of the old removable media, sp ...

Kodak PixPro SL10 Smart Lens Camera

Smartphone imagery still widely varies. Large Megapixel counts don't make for a good image, and the optics in some devices are lacking ...

Sponsor

toggle

Most Commented

 
toggle

Popular News