CVE-2014-4425

Name of the Vulnerable Software and Affected Versions Apple OS X versions prior to 10.10

Description The issue concerns the CFPreferences component in Apple OS X, which fails to properly enforce the setting that requires a password after sleep or screen saver begins. This makes it easier for physically proximate attackers to gain access to an unattended workstation.

Recommendations For Apple OS X versions prior to 10.10, consider enabling the "require password after sleep or screen saver begins" setting and ensuring workstations are attended at all times to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.