PT-2011-4317 · Apple · Macos X

Aaron Sigel

Published

2011-10-14

Updated

2012-01-14

CVE-2011-3224

CVSS v2.0

2.6

Low

Vector

AV:N/AC:H/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Apple Mac OS X versions through 10.6.8

Description The issue concerns the User Documentation component in Apple Mac OS X, which uses http sessions for updates to App Store help information. This allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server.

Recommendations For Apple Mac OS X versions through 10.6.8, consider disabling the use of http sessions for App Store help information updates until a secure alternative is implemented. Restrict access to the App Store help information to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2011-3224

Affected Products

Macos X

PT-2011-4317 · Apple · Macos X

CVE-2011-3224

Related Identifiers

Affected Products

References · 5