CVE-2013-5136

Name of the Vulnerable Software and Affected Versions Apple Remote Desktop versions prior to 3.7

Description The issue allows remote attackers to obtain sensitive information by sniffing the network during an unintended cleartext VNC session, due to improper use of server authentication-type information. This occurs when an unencrypted-connection warning message is not presented as expected.

Recommendations For Apple Remote Desktop versions prior to 3.7, update to version 3.7 or later to resolve the issue.