CVE-2015-3774

Name of the Vulnerable Software and Affected Versions Dictionary app in Apple OS X versions prior to 10.10.5

Description The issue concerns the Dictionary app in Apple OS X, which does not use HTTPS, allowing man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof word definitions by modifying the client-server data stream. This is due to insufficient input validation, which can be exploited to gain access to protected information or modify the data stream between the client and server.

Recommendations For versions prior to 10.10.5, update to version 10.10.5 or later to resolve the issue. As a temporary workaround, consider restricting network access to trusted sources to minimize the risk of exploitation.