CVE-2014-1257CVE-2014-1257

Affected configuration(s):

cpe:/o:apple:mac_os_x:10.8.0
cpe:/o:apple:mac_os_x:10.8.1
cpe:/o:apple:mac_os_x:10.8.2
cpe:/o:apple:mac_os_x:10.8.3
cpe:/o:apple:mac_os_x:10.8.4
cpe:/o:apple:mac_os_x:10.8.5
cpe:/o:apple:mac_os_x:10.8.5:supplemental_update

Date published: 2014-02-26T20:55:03.897-05:00

Date last modified: 2014-02-27T08:55:11.227-05:00

CVSS Score: 3.6

Principal attack vector: LOCAL

Complexity:  LOW

Reference URL: http://support.apple.com/kb/HT6150

Summary: CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.