Andrew Mortensen

**Name of the Vulnerable Software and Affected Versions** Mac OS X versions prior to 10.5.7 **Description** The issue is related to the improper parsing of noncompliant Set-Cookie headers by CFNetwork in Mac OS X. This allows remote attackers to obtain sensitive information by sniffing the network for secure cookies that are sent over unencrypted HTTP connections. **Recommendations** For Mac OS X versions prior to 10.5.7, update to version 10.5.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Remote Desktop versions prior to 3.1 **Description** The issue allows local users on an Apple Remote Desktop administration system to gain root privileges on client systems by modifying certain built-in packages due to insecure permissions. **Recommendations** For Apple Remote Desktop versions prior to 3.1, update to version 3.1 or later to resolve the issue.