Apple · OS X Server · CVE-2013-5143
**Name of the Vulnerable Software and Affected Versions**
Apple OS X Server versions prior to 3.0
**Description**
The RADIUS service in Server App selects a fallback X.509 certificate under certain circumstances. A man-in-the-middle attacker who knows the private key matching the fallback certificate could use this to hijack RADIUS sessions.
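The failure pattern described above, as an added example (not Apple's code and not part of this advisory): a certificate selector that silently falls back, next to one that fails closed. The trigger conditions (missing certificate, unreadable key), all names, and the pinned-fingerprint check are assumptions, since the advisory does not say when the fallback was chosen.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    name: str
    der: bytes            # constructed stand-in for the DER encoding
    key_readable: bool    # can the service load the matching private key?

    @property
    def fingerprint(self) -> str:
        return hashlib.sha256(self.der).hexdigest()


class CertSelectionError(Exception):
    """Raised instead of serving any certificate other than the configured one."""


def select_fail_open(store: dict, configured: str, fallback: Cert) -> Cert:
    # Pattern to avoid: any problem with the configured certificate
    # silently puts the fallback identity on the wire.
    cert = store.get(configured)
    if cert is None or not cert.key_readable:
        return fallback
    return cert


def select_fail_closed(store: dict, configured: str, pinned_fp: str) -> Cert:
    # Hardened pattern: refuse to start rather than change identity.
    cert = store.get(configured)
    if cert is None:
        raise CertSelectionError(f"configured certificate {configured!r} not found")
    if not cert.key_readable:
        raise CertSelectionError(f"private key for {configured!r} not readable")
    if cert.fingerprint != pinned_fp:
        raise CertSelectionError(f"{configured!r} does not match pinned fingerprint")
    return cert


# Constructed sample data (hypothetical names, not real certificates).
SITE = Cert("radius.example.test", b"constructed-site-cert", key_readable=False)
FALLBACK = Cert("default-fallback", b"constructed-fallback-cert", key_readable=True)
STORE = {SITE.name: SITE}

if __name__ == "__main__":
    print("fail-open serves:", select_fail_open(STORE, SITE.name, FALLBACK).name)
    try:
        select_fail_closed(STORE, SITE.name, SITE.fingerprint)
    except CertSelectionError as exc:
        print("fail-closed refuses:", exc)
```

With the fail-closed selector, a certificate problem becomes a visible startup error instead of a change in the identity clients are asked to trust.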
**Recommendations**
For Apple OS X Server versions prior to 3.0, update to version 3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the RADIUS service until the update can be applied.