Emil Sjölander

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.10 **Description** The issue concerns the CFPreferences component in Apple OS X, which fails to properly enforce the setting that requires a password after sleep or screen saver begins. This makes it easier for physically proximate attackers to gain access to an unattended workstation. **Recommendations** For Apple OS X versions prior to 10.10, consider enabling the "require password after sleep or screen saver begins" setting and ensuring workstations are attended at all times to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.10 **Description** The issue concerns the Dock in Apple OS X, where it does not properly manage the screen-lock state. This allows physically proximate attackers to view windows by leveraging an unattended workstation. **Recommendations** For Apple OS X versions prior to 10.10, update to version 10.10 or later to resolve the issue.