Pepi Zawodsky

**Name of the Vulnerable Software and Affected Versions** Apple OS X Server versions prior to 5.2 **Description** The issue allows remote attackers to defeat cryptographic protection mechanisms, potentially via unspecified vectors, due to the support of the RC4 cipher. **Recommendations** For versions prior to 5.2, update to version 5.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple OS X Server versions prior to 5.1 **Description** The issue is related to the Web Server component in Apple OS X Server, which supports the RC4 algorithm. This makes it easier for remote attackers to defeat cryptographic protection mechanisms. The vulnerability is associated with errors in cryptographic transformations, allowing a remote attacker to exploit and compromise the cryptographic protection mechanism. **Recommendations** For Apple OS X Server versions prior to 5.1, update to version 5.1 or later to resolve the issue. As a temporary workaround, consider disabling the use of the RC4 algorithm in the Web Server component until a patch is available. Restrict access to the Web Server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 6.0.1 **Description** The issue allows user-assisted remote attackers to obtain sensitive information by sniffing the network in certain circumstances involving a paste into the address bar, where http requests are made for https URIs. **Recommendations** For versions prior to 6.0.1, update to version 6.0.1 or later to resolve the issue.