CVE-2013-1028

Name of the Vulnerable Software and Affected Versions Mac OS X versions prior to 10.8.5

Description The issue concerns the IPSec implementation when Hybrid Auth is used, where it fails to verify X.509 certificates from security gateways. This allows attackers to spoof security gateways and obtain sensitive information by using a crafted certificate.

Recommendations For versions prior to 10.8.5, update to Mac OS X version 10.8.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of Hybrid Auth until the update is applied.