PT-2009-5169 · Apple · Macos X
Brian Mastenbrook
·
Publicado
2009-11-10
·
Atualizado
2009-11-17
·
CVE-2009-2808
CVSS v2.0
5.4
Média
| Vetor | AV:A/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Apple Mac OS X versions prior to 10.6.2
Description
The issue concerns the Help Viewer in Apple Mac OS X, which does not use a secure HTTPS connection to retrieve content from a website. This allows man-in-the-middle attackers to send a crafted
help:runscript link, potentially executing arbitrary code via a spoofed response.Recommendations
For versions prior to 10.6.2, update to version 10.6.2 or later to resolve the issue.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Macos X