(LiveHacking.Com) – Apple has released a new version of its remote viewing software. Remote Desktop 3.5.3 addresses an issue where connecting to a third-party VNC server with “Encrypt all network data” enabled could lead to information disclosure.
According to the release information, “when connecting to a third-party VNC server with ‘Encrypt all network data’ set, data is not encrypted and no warning is produced. This issue is addressed by creating an SSH tunnel for the VNC connection in this configuration, and preventing the connection if the SSH tunnel cannot be created.”
Apple Remote Desktop 3.5.1 and earlier are not affected.
The new version of Apple Remote Desktop can be installed using the Software Update service in Mac OS X or at Apple’s Software Downloads web site: http://www.apple.com/support/