Vulnerability Description
The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Mac Os X | <= 10.8.5 |
| Apple | Apple Remote Desktop | <= 3.6.2 |
Related Weaknesses (CWE)
References
- http://jvn.jp/en/jp/JVN56210048/741993/index.htmlVendor Advisory
- http://jvn.jp/en/jp/JVN56210048/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2015-000177Vendor Advisory
- http://www.securitytracker.com/id/1034187
- http://jvn.jp/en/jp/JVN56210048/741993/index.htmlVendor Advisory
- http://jvn.jp/en/jp/JVN56210048/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2015-000177Vendor Advisory
- http://www.securitytracker.com/id/1034187
FAQ
What is CVE-2013-5229?
CVE-2013-5229 is a vulnerability with a CVSS score of 3.7 (LOW). The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physical...
How severe is CVE-2013-5229?
CVE-2013-5229 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-5229?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Mac Os X, Apple Apple Remote Desktop.