Apple Mac OS X And Remote Desktop Local Security Bypass Vulnerability
4 Feb. 2016
Summary
The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box.
Credit:
The information has been provided by Masaki Katayama of Cyber Risks Laboratory Naviplus CO,Ltd.
Vulnerable Systems:
* Apple OS X before 10.9 and Apple Remote Desktop before 3.7
Immune Systems:
* Apple OS X after 10.9 and Apple Remote Desktop after 3.7
Apple Mac OS X and Remote Desktop are prone to a local security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions.
CVE Information: CVE-2013-5229
Disclosure Timeline:
Original release date: 11/13/2015
Last revised: 11/16/2015