Printed from http://www.electronista.com

Apple Remote Desktop updated, closes 3.5.2 security bug

updated 09:00 pm EDT, Mon September 17, 2012

Version 3.5.3 fixes non-encryption but in previous version

Late Monday, Apple updated its Apple Remote Desktop Admin software to version 3.5.3 to fix a fault in the previous version that failed to encrypt network data even when a preference to do so was expressly checked when connecting to a third-party VNC server. Although the fault was limited to version 3.5.2 and does not affect ARD Admin 3.1 and earlier, Apple is recommending that all 3.x versions update to version 3.5.3. Discovery of the issue is being credited to a student at Central Connecticut State University.

Mark S. C. Smith found that when version 3.5.2 connected to a third-party VNC server with "Encrypt all network data" set as a preference, data was nonetheless unencrypted, and no warning was given. The issue could conceivably lead to information disclosure from the transmitted data, though no incidents of the problem have been reported. ARD 3.5.2 was released in mid-June and required OS X 10.7.4 or higher.

The issue is fixed, Apple says, by creating an SSH tunnel for the VNC connection and preventing the connection if the SSH tunnel can't be created. The new update can be obtained through Software Update for machines that have ARD installed, or directly from Apple's Software Downloads web page.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Samsung Galaxy S 5

The Samsung Galaxy S5 might be the phone that Android users have been craving for some time. Information coming out of Mobile World Co ...

STM Trust technology bag

The search for a good messenger bag that doubles as a laptop bag is something many travelers find themselves facing at least once. Bet ...

PenClic Bluetooth mouse

Windows 8 aside, computer users have been trained that a mouse is the proper way to navigate through the desktop for many years now. T ...

Sponsor

toggle

Most Commented

 
toggle

Popular News